Posted On: Oct 27, 2022
AWS WAF announces AWS Bot Control for Targeted Bots, a new feature of AWS Bot Control that provides protection against bots that attempt to evade detection and target applications such as e-commerce, retail, and financial services websites. Traffic from targeted bots can result in a poor user experience by competing against legitimate user traffic for website access to high-demand inventory, increasing business risk through chargebacks from fraudulent transactions, and increasing infrastructure costs.
AWS WAF previously released AWS Bot Control, which protects against common bots. With AWS Bot Control for Targeted Bots, customers can easily enable advanced bot detection techniques, such as browser interrogation, fingerprinting, and behavioral analysis to protect against targeted bot attacks. AWS Bot Control for Targeted Bots creates intelligent baselines and automatically applies mitigations, such as dynamic rate-based limiting when anomalous access patterns are detected, without the need for users to configure these thresholds. Learn more about AWS WAF Bot Control by visiting the Bot Control feature page.
To ensure that you use Targeted Bots only on the requests that need it, you can use WAF scope-down statements. When a request is evaluated by Targeted Bots, AWS WAF creates a baseline for each device and uses machine learning models to identify and rate-limit if a dynamic threshold is exceeded. With the recommended JavaScript integration, you can receive additional telemetry on devices to better protect your applications against targeted bots. Targeted Bots also includes a new WAF rule action ‘Challenge’ that enforces ‘aws-waf-token’ token generation and is available with all AWS WAF rules. Lastly, you can override the rule action for any WAF rule, and use captcha and challenge as new rule actions, in addition to blocking or allowing the requests.
AWS WAF Bot Control for Targeted Bots is available in 5 regions today - US East (N. Virginia), US West (N. California), Europe (Ireland), Europe (Paris) Region, and Australia (Sydney) Region. You can deploy AWS WAF Bot Control to protect Amazon CloudFront, Application Load Balancer, Amazon API Gateway, AWS AppSync, and AWS Cognito resources. You are charged a monthly fee once for each web ACL regardless of the inspection level chosen—Common or Targeted; and a per-request fee for web requests processed by the Targeted Bots rule. Other standard service charges for AWS WAF still apply. See pricing page for details.