Posted On: Sep 6, 2023
AWS WAF Bot Control for Targeted Bots now offers predictive Machine Learning (ML) technology to provide protection against distributed, proxy-based attacks. AWS WAF previously launched AWS Bot Control for Targeted Bots which provides protection against sophisticated bots that attempt to evade detection. Now, AWS WAF Bot Control for Targeted Bots can also be used to define block, challenge and Captcha rules against distributed bot attacks, such as attacks using residential and mobile proxies.
Threat actors often use compromised residential computers to create "bots" under their command and control. The threat actors use these bots into a residential proxy to bypass IP reputation and custom block lists. They rotate IP addresses using automated software, allowing them to send a low volume of requests per IP potentially evading rate limiting rules. Threat actors also source traffic from global proxies, making geo-blocking less effective. AWS WAF Bot Control now provides managed ML application protections to help protect against these distributed attacks without requiring any ML skills or writing any custom rules. This new feature adds bot confidence levels to requests that it detects as originating from potential bots, using automated machine learning analysis of website traffic statistics. The confidence levels are added as labels indicating high, or medium bot likelihood, allowing you to define different enforcement actions for each label. To learn more, visit documentation.
This feature will be enabled in count or non-blocking mode for all customers using AWS Bot Control for Targeted Bots. You can override actions to Captcha, Challenge, or Block after testing. There is no additional cost for this feature, however standard Targeted Bot Control and WAF charges still apply. See pricing page for more details.