Bot Management
Fingerprint and classify bot traffic. Block malicious bots while allowing good bots like Googlebot.
Route:
/bot-managementHow bot detection works
OverviewHow Bot Detection Works
GuardFoxCopilot analyses each request against multiple signals to assign a bot verdict: Malicious, Suspicious, Good Bot, or Unknown.
Detection signals
| Signal | How it works |
|---|---|
| JS Fingerprinting | Captures browser canvas, WebGL, font metrics — headless browsers have distinctive signatures |
| Mouse entropy | Real humans have irregular mouse movement; bots move in straight lines or not at all |
| IP reputation (ASN) | Hosting/VPS/Tor ASNs score lower than residential ISPs |
| User-Agent analysis | Matches known bot UAs; flags scripts like python-requests, curl |
| Request rate | More than X req/min from a single IP triggers review |
| Reverse DNS verify | Confirms Googlebot/bingbot by matching IP to google.com DNS |
| Honeypot fields | Hidden form fields — only bots submit them |
Challenge modes
- Allow — pass through without action
- JS Challenge — serve a JavaScript puzzle (invisible to humans, fails bots)
- CAPTCHA — visible challenge for suspicious traffic
- Block — immediately return 403
Configuring bot rules
How to useConfiguring Bot Rules
Go to Detection → Bot Management → ⚙️ Rules.
Each rule has:
- Name — descriptive label
- Condition — what triggers the rule
- Action — what to do when triggered
- Enabled toggle — activate/deactivate without deleting
Recommended starting rules
| Rule | Condition | Action |
|---|---|---|
| Block Tor exits | ASN in Tor exit list | Block |
| Challenge headless | Missing JS fingerprint | JS Challenge |
| Rate limit login | >10 req/min to /api/auth/login | CAPTCHA |
| Allow search engines | UA = Googlebot + reverse DNS verified | Allow |
| Block high-risk ASNs | ASN reputation < 20 | Block |
Adding a custom rule
Custom rules are added via the API:
curl -X POST https://portal.guardfoxsecurity.com/api/bot-management/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name":"Block scrapers","condition":"ua_contains:scrapy","action":"block"}'