Citrix Application Delivery Management service

Bot

A bot is a software program that automatically performs certain actions over and over at a much faster rate than a human. Over 35 percent of your web traffic comprises bots and 80 percent of organizations suffer from bot attacks. They can interact with a webpage, submit forms, click links, scan text, or download content. Bots can even access videos, post comments, and tweet on social media platforms. Some bots can even hold basic conversations with human users. These bots are known as chatbots.

Bots that perform necessary or useful services, such as customer service, chatbots, and search engine crawlers, are known as good bots. Some malicious bots can scrape or download content from a website, steal user credentials, spread spam content, and perform various other kinds of cyberattacks. These malicious bots are known as bad bots. It is essential to identify bad bots and protect your appliance from advanced security attacks. You can achieve this using a bot management system.

For more information on Bot, see Bot Management.

Configure Bot detection techniques in Citrix ADC

In Citrix ADC, you can configure bot detection techniques to detect incoming bot traffic. The following are the bot detection techniques that you can configure in a Citrix ADC instance:

  • Allow List. This rule has a list of URLs and policy expressions to evaluate whether a specific set of good bots can access your web resource.

  • Block List. This rule has a list of URLs and policy expressions to evaluate if a specific set of bad bots can access your website.

  • IP reputation. This rule detects if the incoming bot traffic is from a malicious IP address.

  • Device fingerprinting. This rule detects if the incoming bot traffic has the device fingerprint ID in the incoming request header and the browser attributes of the incoming client bot traffic.

  • Rate limiting. This rule rate limits multiple requests coming from the same client.

  • Signatures. This rule detects and blocks bots based on signature detection. It also prevents unauthorized URLs that scrape websites, brute-force logins, and bots that probe for vulnerabilities.

  • Bot traps. This rule detects bots accessing the script that is enabled on the webpage.

  • TPS. This rule detects the incoming traffic as bots if the maximum requests and the percentage increase in requests exceed the configured time interval.

For more information on configuring Bot management, see Configure Bot management.

Configure bot security violations in Citrix Application Delivery and Management

After you configure the bot management in Citrix ADC, you must enable Bot Security Violations on virtual servers to view insights in Citrix Application Delivery and Management.

To enable Bot Security Violations:

  1. Navigate to Infrastructure > Instances > Citrix ADC and select the instance type. For example, VPX.

  2. Select the instance and from the Select Action list, select Configure Analytics.

  3. Select the virtual server and click Enable Analytics.

  4. On the Enable Analytics window:

    1. Select Bot Security Violations.

    2. Under Advanced Option, select Logstream.


    3. Click OK.

After enabling Bot Security Violations, navigate to Analytics > Security > Security Violations. Under Bot, select the application and view details. For more details, see Application overview.

View events history

You can view the bot signature updates in the Events History when:

  • New bot signatures are added in Citrix ADC instances.

  • Existing bot signatures are updated in Citrix ADC instances.

You can select the time duration on the bot insight page to view the events history.


The following diagram shows how the bot signatures are retrieved from the AWS cloud, updated on Citrix ADC, and how the signature update summary is viewed on Citrix Application Delivery and Management.

Events scheduler

  1. The bot signature auto update scheduler retrieves the mapping file from the AWS URI.

  2. Checks the latest signatures in the mapping file against the existing signatures on the ADC appliance.

  3. Downloads the new signatures from AWS and verifies the signature integrity.

  4. Updates the existing bot signatures with the new signatures in the bot signature file.

  5. Generates an SNMP alert and sends the signature update summary to Citrix Application Delivery and Management.
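The update sequence above can be sketched as follows. This is an added illustration, not Citrix code: the JSON mapping-file layout, the use of SHA-256 digests, and the names `run_update` and `fetch` are assumptions, and the sample data is constructed. The mapping text passed in stands for the file retrieved in step 1, and the returned summary stands for the one sent in step 5.

```python
import hashlib
import hmac
import json

def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def run_update(mapping_text: str, installed: dict, fetch) -> dict:
    """Steps 2-5: compare versions, download, verify, swap in, summarize.

    installed maps file name -> {"version": int, "data": bytes} and is updated
    in place; fetch(name) stands in for the download and returns bytes.
    """
    summary = {"updated": [], "rejected": [], "unchanged": []}
    for entry in json.loads(mapping_text)["signatures"]:
        name, version = entry["name"], int(entry["version"])
        current = installed.get(name)
        if current is not None and current["version"] >= version:
            summary["unchanged"].append(name)      # also refuses downgrades
            continue
        blob = fetch(name)
        # Fail closed: on a digest mismatch the existing file stays active.
        if not hmac.compare_digest(sha256_hex(blob), entry["sha256"]):
            summary["rejected"].append(name)
            continue
        installed[name] = {"version": version, "data": blob}
        summary["updated"].append(name)
    return summary

def demo():
    # Constructed sample data; the real mapping-file format is not on this page.
    good, tampered = b"sig-set-A v7", b"sig-set-B v4 (modified in transit)"
    mapping = json.dumps({"signatures": [
        {"name": "A", "version": 7, "sha256": sha256_hex(good)},
        {"name": "B", "version": 4, "sha256": sha256_hex(b"sig-set-B v4")},
        {"name": "C", "version": 2, "sha256": sha256_hex(b"sig-set-C v2")},
    ]})
    installed = {
        "A": {"version": 6, "data": b"sig-set-A v6"},
        "B": {"version": 3, "data": b"sig-set-B v3"},
        "C": {"version": 2, "data": b"sig-set-C v2"},
    }
    downloads = {"A": good, "B": tampered}
    summary = run_update(mapping, installed, downloads.__getitem__)
    return summary, installed

if __name__ == "__main__":
    print(demo()[0])
```

A digest carried in the mapping file only proves integrity if the mapping file itself arrives over an authenticated channel.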

You can also use the search text box and time duration list to view bot details as per your requirement. When you click the search box, it gives you the following list of search suggestions.

  • Instance-IP – Citrix ADC instance IP address

  • Client-IP – Client IP address

  • Bot-Type – Bot type such as Good or Bad

  • Severity – Severity of the bot attack

  • Action-Taken – Action taken after the bot attack such as Drop, No action, Redirect

  • Bot-Category – Category of the bot attack such as block list, allow list, fingerprint, and so on. Based on a category, you can associate a bot action to it

  • Bot-Detection – Bot detection types (block list, allow list, and so on) that you have configured on Citrix ADC instance

  • Location – Region/country where the bot attack has occurred

  • Request-URL – URL that has the possible bot attacks

You can also use operators in your search queries to narrow the focus of your search. For example, if you want to view all bad bots:

  1. Click the search box and select Bot-Type

  2. Click the search box again and select the operator =

  3. Click the search box again and select Bad

  4. Click Search to display the results
