Bot Protection module
Edition: Incubator (services)
The Bot Protection module helps prevent malicious bot attacks on your server. The module allows you to configure various protection mechanisms. This document provides an overview of how to configure and use the module effectively.
This module is at the INCUBATOR level.
Installing with Maven
Maven is the easiest way to install the module. Add the following to your bundle:
<dependency>
  <groupId>info.magnolia.botprotection</groupId>
  <artifactId>bot-protection</artifactId>
  <version>1.0.1</version>
</dependency>
Configuration
To configure the Bot Protection module, adjust the following settings within the BotProtectionModule class.
To activate the filter, set enabled = true on the /server/filters/botProtection filter.
Item | Description
---|---
PATH PROTECTION |
| Enable or disable protection by path regex. Default is
| Enable or disable protection by specific paths. Default is
IP PROTECTION |
| Enable or disable protection by specific IP addresses. Default is
| Enable or disable protection by IP address regex patterns. Default is
HEADER PROTECTION |
| Enable or disable protection based on HTTP headers. Default is
REQUEST PARAMETER PROTECTION |
| Enable or disable protection based on request parameters. Default is
RATE LIMITING |
| Enable or disable rate limiting for incoming requests. Default is
| Cache expiration time in seconds. Default:
| Maximum number of requests allowed per timeframe. Default:
| Timeframe in seconds. Default:
| Maximum number of rate limit buckets. Default:
| Define rate limit conditions for specific paths.
| Ignores rate limits.
CUSTOM CONFIGURATION |
| You can customize protection rules by specifying which paths, IP addresses, headers, and request parameters to block. Use the following maps to define your custom rules.
| Define regex patterns for blocking specific paths. Default values
| Define specific paths to block.
| Define regex patterns for blocking specific IP addresses.
| Define specific IP addresses to block.
| Define HTTP headers to block. Default values
| Define request parameters to block. Default values
| Define the list of headers used to determine the true client IP address.
Usage
BotProtectionFilter
The BotProtectionFilter is an important part of this module and should be added to the filter chain.
It is responsible for applying the configured bot protection rules to incoming requests.
To use this filter, follow these steps:
- Ensure that BotProtectionModule is properly configured with the desired protection features and rules.
- Add the BotProtectionFilter to the filter chain through the resource file /mgnl-config/bot-protection/config/config.server.filters.botProtection.xml. The filter is enabled or not depending on the value of the enabled field.
- Ensure that this node is placed immediately after the /server/filters/uriSecurity node. This rule is configured in the BotProtectionVersionHandler class.
- Import the BotProtectionModule class and configure it according to your requirements.
  <dependency>
    <groupId>info.magnolia.botprotection</groupId>
    <artifactId>bot-protection</artifactId>
    <version>1.0.1</version>
  </dependency>
- Enable or disable protection mechanisms as needed.
- Define custom rules to block specific paths, IPs, headers, and request parameters.
- Configure rate limiting using the RateLimitConfig class and add rate limit conditions for specific paths.
- The module will now apply the specified protection rules to incoming requests, preventing malicious bot attacks, depending on the value of the enabled field mentioned above.
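The rate limiting settings listed in the configuration table (maximum requests per timeframe, timeframe, maximum number of buckets, cache expiration, client IP headers) can be pictured with a small fixed-window limiter. This is an added illustration in Java 16+, not the module's own code: the class, method and field names are hypothetical, and the fixed-window counting and eviction behaviour are assumptions about how such settings interact.

```java
import java.util.*;
// Hypothetical names throughout; this is not the module's RateLimitConfig API.
public class RateLimitSketch {
    record Bucket(long windowStart, int count) {}

    private final int maxRequests;     // maximum requests allowed per timeframe
    private final long timeframeMs;    // timeframe, configured in seconds
    private final int maxBuckets;      // cap on tracked clients (bounds memory)
    private final long expirationMs;   // cache expiration, configured in seconds
    // Access-ordered, so the least recently seen client is evicted first.
    private final LinkedHashMap<String, Bucket> buckets = new LinkedHashMap<>(16, 0.75f, true);

    RateLimitSketch(int maxRequests, int timeframeSec, int maxBuckets, int expirationSec) {
        this.maxRequests = maxRequests;
        this.timeframeMs = timeframeSec * 1000L;
        this.maxBuckets = maxBuckets;
        this.expirationMs = expirationSec * 1000L;
    }

    // First configured header that is present wins; otherwise use the socket peer.
    // List only headers that your own proxy overwrites, since clients can set the rest.
    static String clientIp(Map<String, String> headers, List<String> ipHeaders, String remoteAddr) {
        for (String name : ipHeaders) {
            String value = headers.get(name);
            if (value != null && !value.isBlank()) return value.split(",")[0].trim();
        }
        return remoteAddr;
    }

    synchronized boolean allow(String ip, long nowMs) {
        // Linear sweep of expired buckets; acceptable for a sketch, not for a hot path.
        buckets.values().removeIf(old -> nowMs - old.windowStart() > expirationMs);
        Bucket b = buckets.get(ip);
        if (b == null || nowMs - b.windowStart() >= timeframeMs) b = new Bucket(nowMs, 0);
        b = new Bucket(b.windowStart(), b.count() + 1);
        buckets.put(ip, b);
        // Over the cap: drop the least recently seen client.
        if (buckets.size() > maxBuckets) buckets.remove(buckets.keySet().iterator().next());
        return b.count() <= maxRequests;
    }

    public static void main(String[] args) {
        RateLimitSketch limiter = new RateLimitSketch(3, 10, 1000, 60); // constructed values
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.put("x-forwarded-for", "203.0.113.7, 10.0.0.2");       // constructed request
        String ip = clientIp(headers, List.of("X-Forwarded-For"), "10.0.0.2");
        for (int i = 0; i < 5; i++)
            System.out.println(ip + " t=" + i + "s allowed=" + limiter.allow(ip, i * 1000L));
        System.out.println(ip + " t=11s allowed=" + limiter.allow(ip, 11_000L));
    }
}
```

With these constructed values the first three requests in the window pass, the next two are refused, and the request at 11 seconds starts a new window. The bucket cap matters because each distinct client key costs memory, so an unbounded map is itself a resource-exhaustion risk.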