AWS WAF Bot Control Managed Rule Group expands bot detection capabilities

Posted on: Sep 13, 2024

AWS WAF introduces a new version of Bot Control Managed Rule Group with enhanced features to help customers better manage and protect their web applications from bot activity. This includes:

  1. Token reuse detection: Identifies the reuse of WAF tokens across autonomous system numbers (ASNs) and geographic locations, in addition to existing IP-based detection. Customizable sensitivity levels – High, Medium, and Low – enable you to take mitigation actions based on your use cases. For example, customers with mobile users who frequently change IPs may allow higher token reuse, while those with more static applications can enforce stricter controls at lower thresholds.
  2. Expanded Bot Categories: 19 new bots, including several verified AI bots, added to various categories.
  3. Cloud Service Provider Labels: New labels that allow customers to selectively allow or block traffic from specific cloud service providers.
  4. Automated Browser Extension Labels: Labels to detect the presence of browser extensions that assist in web automation, such as Selenium IDE, complementing the existing automated browser signals.
  5. Improved CloudWatch Visibility: WAF label is now emitted for each matched rule, enhancing visibility in CloudWatch logs. This change is also included in the new 1.1 versions of the AWS WAF Fraud Control rule groups.

AWS WAF Bot Control Managed Rule group is available in all AWS Regions, except the AWS GovCloud (US) Regions and the China Regions. To use the latest versions, you will have to manually change the version number of Bot Control Managed Rule group. To learn more, please review the documentation.