/cfg/security/botmng/botmng
Bot Manager Policy Menu
This section describes how to configure a Bot Manager policy.
 
Enter Bot Manager Policy id: 5
------------------------------------------------------------------
[Bot Manager Policy 5 Menu]
     name - Set descriptive policy name
     sid - Set the Subscriber ID of the protected entity
     sideband - Set sideband policy

     mode - Set bot manager protection mode as active or report-only
     redirect - Redirect options for active mode Menu
     custom   - Custom Response for active menu
     sessid - Set the Session ID variable
     userid - Set the user identifier variable
     ipaddr - Set the HTTP header indicating the IP address of the user
     jsinject - JS Injection script for improved detection Menu
     domaing  - Domain grouping
     filebyps - Set the static files extensions to bypass the processing
     apptype  - Set the application type as web or mobile
     appclass - Advanced Application Type Classifier Menu
     samesite - Set the bot manager cookies to be sent on requests from the same-site
     hdrfilt  - Set headers filter when allhdrs is enabled
     hostname - Set the hostname for the Bot Manager endpoint communication
     hdrlist  - Set a list of header names to include/exclude when allhdrs is enabled
     scookie  - Enable/Disable secure cookies
     allhdrs  - Enable/Disable collecting request headers for advanced detection

     trkevent - Enable/Disable tracking of events from Mobile Apps
     ena - Enable Bot Manager policy
     dis - Disable Bot Manager policy
     del - Delete Bot Manager Policy
     cur - Display current Bot Manager policy configuration
 
Bot Manager Menu Options (/cfg/security/botmng/botmng) 
Command Syntax and Usage
name [<"policy name">|none]
 
An optional description of the Bot Manager policy.
Maximum characters: 128
sid
 
The ID in UUID format that identifies the application in the Bot Manager endpoint.
Copy the Production ID from the Bot Manager portal and paste it here.
To access the subscriber ID, go to the Bot Manager portal and select Integration > Subscriber ID Details.
sideband
 
The ID of the policy that forms the connection between Alteon and the Bot Manager endpoint.
To add or edit a sideband policy, see Configuring the Sideband Connection.
mode [active|report]
 
The operational mode of the Bot Manager policy.
Values:
*active — Alteon performs block and redirect where necessary.
*report — Alteon allows all traffic to pass to the server but creates a report of the traffic for analysis. You commonly use this mode during the onboarding stage until all false positives are cleared.
Default: report
redirect
 
This menu is relevant only when the mode parameter is set to active.
Displays the Redirect Bot Manager Policy menu. To view this menu, see /cfg/security/botmng/botmng/redirect Redirect Bot Manager Policy Menu.
custom
 
This menu is relevant only when the mode parameter is set to active.
Displays the Custom Response menu. To view this menu, see /cfg/security/botmng/botmng/custom Custom Response Menu.
sessid [cookie|header|query|none]
 
Specifies from where to take the session ID.
Default: none
When the value is changed from none, the session identifier variable option displays. Enter here the key name of the session ID.
userid [cookie|header|query|none]
 
Specifies from where to take the user ID.
Default: none
When the value is changed from none, the user identifier variable option displays. Enter here the key name of the cookie, header, or query value that holds the user ID (case-sensitive).
Note: Once you configure this flag, the user ID value is hashed using SHA1 and then added to the message sent to the Bot Manager endpoint (the user ID is never sent in cleartext).
ipaddr remote-addr                      x-forwarded-for
       http_client_ip                   http_x_forwarded_for
       x-real-ip                        http_x_forwarded
       proxy-client-ip                  wl-proxy-client-ip
       http_x_cluster_client_ip         http_forwarded_for
       http_forwarded                   http_via
       x-true-client-ip                 user-defined
 
Select from the list the name of the header in the client request that contains the true source IP address of the client (as opposed to the IP address of the last proxy that forwards the request to Alteon). For an IP header that does not appear in the list, select “user-defined” and specify the required IP header (case-insensitive).
jsinject
 
Displays the Redirect JS Injection script menu. To view this menu, see /cfg/security/botmng/botmng/jsinject JS Injection script Menu.
domaing
 
Specifies the domain to be used in the set-cookie operation.
As part of the integration, Alteon inserts a “set-cookie” header into the client response, so the user agent can send the cookie back to the server on future requests (Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>).
When domain grouping is left empty (default), the domain in the set-cookie header is set to the domain received in the request. This is required when the virtual service manages unrelated sub-domains. For example, abc.com, xzy.com, and cfg.com.
When domain grouping is set to a specific domain (mainly the root domain), the domain in the set-cookie header is set to the defined domain.
This is required when the virtual service manages sub-domains which are related to each other, such as api.abc.com, mobile.abc.com, news.abc.com, and auth.abc.com. In this example, the domain grouping value should be set to abc.com.
filebyps png|jpg|css|js|jpeg|gif|ico|ttf|svg|xml|woff|woff2|ashx|asmx|svc|swf|otf|eot
 
The list of extensions of static file types for which Alteon allows client requests to reach the server without inspection.
The entries in the list must be divided by a pipe (|) with no space between entries. The file type values are case-sensitive.
apptype [web|mobile]
 
The type of application that Alteon protects.
Values: Mobile Application, Web Application
Default: web
appclass
 
Displays the Advanced Application Type Classifier menu. To view this menu, see /cfg/security/botmng/botmng/appclass Advanced Application Type Classifier Menu.
samesite [lax|strict|none]
 
As part of the integration, Alteon inserts a "set-cookie" header into the client response so the client can send this cookie back to the server on future requests. One of the set-cookie attributes is called SameSite (Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; SameSite=<samesite value>).
The SameSite cookie attribute allows you to declare if your cookie should be restricted to a same‑site (or first-party) context or it can also be used in a cross-site (or third-party) context.
Cookies that match the domain of the current site (i.e., what is displayed on the browser's address bar), are referred to as first-party cookies. Similarly, cookies from domains other than the current site are referred to as third-party cookies.
This attribute allows setting the same-site attribute for the Bot Manager cookies.
Values:
*lax — Cookies are not sent on normal cross-site subrequests, but are sent when a user is navigating to the origin site.
*strict — Cookies are only sent in a first-party context and not sent along with requests initiated by third-party websites.
*none — Cookies are sent in all contexts (i.e., in response to both first-party and cross-origin requests). Note that if none is set, the cookie secure attribute must also be set.
Default: lax
hdrfiltr [none|exclude|include]
 
Sets headers to exclude or include from sending to the Bot Manager endpoint when allhdrs is enabled.
Values: none, exclude, include
Default: none
hostname
 
Sets the hostname for the Bot Manager endpoint communication.
Values:
*FQDN of the Bot Manager.
*default — To restore the default hostname (scus.shieldsquare.net).
Default: scus.shieldsquare.net
Note: Update this parameter when a match between the hostname specified at the transaction and the destination IP of the Bot Manager endpoint is being verified as part of the security policy.
hdrlist <256 character header names list>
 
Sets a list of headers to include or exclude when allhdrs is enabled and hdrfiltr is not none. The names must be divided by a pipe (|) with no space between header names.
The following special characters are not supported: quotation mark ("), ampersand (&), colon (:), and backslash (\).
scookie [disabled|enabled]
 
Specifies whether Alteon sets the cookie with the Secure attribute, which limits the scope of the cookie to secure channels.
Default: disabled
allhdrs [disabled|enabled]
 
When enabled, Alteon collects and sends all the request headers to the Bot Manager endpoint to allow advanced detection of bots.
Note: Contact Bot Manager support before enabling this option.
Values: enabled, disabled
Default: disabled
Note: To include or exclude specific headers, use hdrfiltr and hdrlist.
trkevent [d|e]
 
Enables or disables tracking of events from mobile apps.
Default: enabled
ena
 
Enables the current Bot Manager policy.
dis
 
Disables the current Bot Manager policy.
del
 
Deletes the current Bot Manager policy.
cur
 
Displays the current Bot Manager policy configuration.
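
The constraints stated above for name, sid, mode, samesite/scookie, filebyps, hdrlist and domaing can be checked before a policy is applied. The following is an added example, not Alteon or Bot Manager code: it assumes the policy is held as a Python dict keyed by the command names on this page, uses the defaults listed above for unset keys, and takes a hypothetical extra key "hosts" listing the hostnames the virtual service serves.

```python
import re
import uuid

PIPE_LIST = re.compile(r"[^|\s]+(\|[^|\s]+)*")  # a|b|c with no spaces
HDRLIST_FORBIDDEN = set('"&:\\')               # characters hdrlist does not support

def lint_policy(p):
    """Return findings for one policy dict keyed by this page's command names."""
    out = []
    if len(p.get("name", "")) > 128:
        out.append("name: longer than 128 characters")
    try:
        uuid.UUID(str(p.get("sid", "")))
    except ValueError:
        out.append("sid: not in UUID format")
    if p.get("mode", "report") not in ("active", "report"):
        out.append("mode: must be active or report")
    if p.get("samesite", "lax") == "none" and p.get("scookie", "disabled") != "enabled":
        out.append("samesite: none requires scookie enabled")
    filebyps = p.get("filebyps", "")
    if filebyps and not PIPE_LIST.fullmatch(filebyps):
        out.append("filebyps: entries must be pipe-separated with no spaces")
    hdrlist = p.get("hdrlist", "")
    filtering = p.get("allhdrs", "disabled") == "enabled" and p.get("hdrfiltr", "none") != "none"
    if hdrlist and not filtering:
        out.append("hdrlist: applies only when allhdrs is enabled and hdrfiltr is not none")
    if len(hdrlist) > 256 or (hdrlist and not PIPE_LIST.fullmatch(hdrlist)):
        out.append("hdrlist: must be a pipe-separated list of at most 256 characters")
    if HDRLIST_FORBIDDEN & set(hdrlist):
        out.append("hdrlist: contains an unsupported special character")
    # "hosts" is a hypothetical input: the hostnames the virtual service serves.
    domaing = p.get("domaing", "").lower()
    for host in (h.lower() for h in p.get("hosts", [])):
        if domaing and host != domaing and not host.endswith("." + domaing):
            out.append(f"domaing: {host} is outside {domaing}")
    return out

# Constructed sample policies (all values invented for illustration).
GOOD = {"name": "shop-frontend", "sid": "123e4567-e89b-12d3-a456-426614174000",
        "filebyps": "png|jpg|css|js", "domaing": "abc.com",
        "hosts": ["api.abc.com", "auth.abc.com"]}
BAD = {"sid": "not-a-uuid", "samesite": "none", "scookie": "disabled",
       "filebyps": "png| jpg", "allhdrs": "enabled", "hdrfiltr": "exclude",
       "hdrlist": "cookie|x-api:key", "domaing": "abc.com",
       "hosts": ["api.abc.com", "xzy.com"]}

if __name__ == "__main__":
    for finding in lint_policy(BAD):
        print(finding)
```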