Overview
Cyber-criminals use automation to carry out attacks on web applications for several reasons. Automation tools:
- Enable the attacker to hit more applications and exploit more vulnerabilities than manual methods would allow.
- Are freely available online and save the attacker the time of studying attack methods and developing exploits for the vulnerabilities an application has.
- Are optimized to use the attacker's resources more efficiently.
The StackPath WAF behavioral analysis blocks non-human traffic. Advanced user behavioral analysis blocks automated scanners, bots, and other automated tools from accessing your application, while known bots, such as recognized search engine crawlers, are allowed.
StackPath WAF uses JavaScript Injection to protect your site from malicious attacks. To learn more, see WAF JavaScript Injection Explained.
This article describes the four main types of automation attacks that StackPath WAF protects against.
Force Browser Validation on Traffic Anomalies
This sanction allows you to challenge or block requests when the user or device does not keep session cookies or does not execute JavaScript correctly. Users are presented with either a CAPTCHA or a JavaScript validation screen.
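The following is an added illustration of the two checks this policy describes (cookie retention and JavaScript execution); it is not StackPath's code. It assumes a session cookie named sid, a second cookie js_ok that only the served validation script writes, an HMAC binding the two, and a constructed allowlist entry standing in for a known bot.

```python
import hmac
import hashlib
from typing import Dict, Optional

# Constructed demo key: a real deployment would use a per-site secret from a KMS.
SECRET = b"constructed-demo-key"
# Assumed allowlist entry; real allowlists verify bot identity (e.g. reverse DNS),
# since a User-Agent string alone is trivially spoofable.
ALLOWED_KNOWN_BOTS = {"ExampleSearchBot/1.0"}


def js_token(session_id: str) -> str:
    """Value the validation script stores in the 'js_ok' cookie after running.
    Only a client that actually executes the script obtains it, and it is
    bound to the session so it cannot be replayed across sessions."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def issue_challenge(session_id: str) -> Dict[str, str]:
    """First response to a new client: set the session cookie and serve a
    script whose only job is to write js_token(session_id) into js_ok."""
    return {"Set-Cookie": f"sid={session_id}",
            "script_sets_js_ok": js_token(session_id)}


def validate(request: Dict[str, Optional[str]], sanction: str = "challenge") -> str:
    """Apply the 'Force Browser Validation' policy to one request.
    request holds 'ua', 'sid' and 'js_ok'; returns 'allow' or the configured
    sanction ('challenge' or 'block')."""
    if request.get("ua") in ALLOWED_KNOWN_BOTS:
        return "allow"                      # known bots are exempt
    sid = request.get("sid")
    if not sid:
        return sanction                     # client did not keep the session cookie
    token = request.get("js_ok")
    if not token or not hmac.compare_digest(token.encode(), js_token(sid).encode()):
        return sanction                     # script not executed, or token forged
    return "allow"


if __name__ == "__main__":
    # Constructed sample traffic: a browser, a cookie-less bot, a scraper that
    # keeps cookies but skips JavaScript, and a client presenting a forged token.
    samples = [
        {"ua": "Mozilla/5.0", "sid": "s1", "js_ok": js_token("s1")},
        {"ua": "curl/8.0", "sid": None, "js_ok": None},
        {"ua": "python-requests/2.31", "sid": "s2", "js_ok": None},
        {"ua": "Mozilla/5.0", "sid": "s3", "js_ok": js_token("not-s3")},
    ]
    for req in samples:
        print(req["ua"], "->", validate(req))
```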
Automated Clients
This sanction allows you to challenge or block requests when sessions are automated. Automated clients are usually bots looking to hack, spam, spy on, or otherwise compromise your website. Enabling this toggle challenges these types of requests and forces human interaction. StackPath allows you to review a list of known bots to allow or block. The full list is available at the bottom of the WAF screen in the customer portal, in the Allowed Known Bots section. To learn more, see Enabling and Troubleshooting WAF Bot Protection.
Headless Browsers
This sanction allows you to challenge or block requests when the user or device uses an automation tool to drive a browser. Headless browsers are at times used to perform DDoS attacks on websites, inflate advertisement impressions, or automate websites in unintended ways. Use this toggle to protect your site from these types of attacks.
Anti-Scraping
This sanction allows you to challenge or block requests when the user or device uses an automation tool, and it convicts clients faster and more strictly than the other policies. Some sites prefer to leave this toggle off so that partner sites can pull information from the website and post it on their own (for example, a travel information consolidation site). To block these requests, simply toggle the option on.
These four rules can be found under the Anti Automation and Bot Protection section in your WAF settings. Force Browser Validation on Traffic Anomalies is the only policy enabled by default, so as to provide the best user experience. To enable or disable a protection vector, simply click the toggle switch to turn it on or off.