Hostile Bot Detection / RCSI
For detecting hostile bots, Reblaze uses a multi-layered mechanism, collectively known as "bot challenges". Its results are shown to admins in the "challenges" metric in Reblaze's analytics; for a discussion of how challenges impact traffic statistics, see here and here.
Bot challenges mitigate threats based on the requestor's identity and environment. When Reblaze receives the first request from a previously unknown traffic source (below described as the "user"), this is the typical process that is followed.
Reblaze challenges the user's browsing environment. Reblaze uses a variety of proprietary, multi-faceted techniques to verify that this requestor is a human using a browser, instead of a bot using a headless browser or emulator. (For more detailed information, see Environmental detection and browser verification.)
If the challenge is not passed, the request is suspected to be a bot, and another challenge is issued. This process continues until a challenge is passed, or a threshold is reached (e.g., via a Dynamic Rule) to ban the requestor.
If the challenge is passed, the browser's session is authenticated, and the browser receives cookies from Reblaze.
The browser then automatically resubmits the original request, but this time, the cookies are included. The user is granted access to the requested URL, resources, etc.
Subsequent requests will also include the cookies, and thus, they are not challenged.
This process happens quickly (in a few milliseconds), and is invisible to the user.
Much of the challenge process is based on a variety of methods, collectively known as Reblaze Client Side Inspection (RCSI). It detects bots via a multi-layered approach, described on the following pages:
Out of the box, Reblaze uses "active" bot challenges. We also recommend that admins enable "passive" challenges. More information is here: Active Challenges versus Passive Challenges.
Lastly, in addition to the RCSI mechanisms described above, Reblaze also includes Interactive Challenges.
Last updated