# Bot Protection ### Overview The **Anti-Bot** module detects and mitigates automated traffic that may negatively impact applications, such as crawlers, scanners, brute-force bots, or scripted clients. It provides monitoring and verification mechanisms to distinguish between **legitimate human users** and **automated tools**. The **Anti-Bot** page displays all IP addresses that triggered bot-detection checks on any protected application. *** ### Anti-Bot Logs Overview This page lists detection events generated by the Anti-Bot engine. Each row represents bot-like activity from a specific IP address interacting with a specific application. For each event, the system displays: * IP address * Country of origin * Targeted application * Detection details (Hits / Verified) * Duration of the bot activity * Start time of the detection event This overview allows administrators to quickly identify suspicious automated traffic patterns. *** ### Detection Details Each Anti-Bot event includes two key metrics: #### Hits The number of times an IP address triggered Anti-Bot detection checks. Hits increase when client behavior resembles automation, such as: * Sending too many requests in a short period * Accessing suspicious or sensitive endpoints * Missing or abnormal browser fingerprints * Unusual or malformed HTTP header patterns *** #### Verified The number of times the Anti-Bot system successfully verified that the client was a **real human**, not a bot. Verification methods may include: * Browser challenge tests * Behavioral analysis * Fingerprint validation If the **Verified** count is significantly lower than **Hits**, the traffic is likely automated. *** ### Filters Users can refine the displayed Anti-Bot events using the following filters: #### IP Address Filter results for a specific client IP. #### Application Display bot activity for a selected protected application only. #### Start At / End At Limit results to a specific date and time range. #### Clear Filters Reset all filters and return to the full list. These filters help narrow down bot-related traffic for faster investigation. *** ### Table Columns Explained #### IP Address The client IP generating bot-like behavior.\ Geolocation information is included to help identify foreign or suspicious sources. *** #### Application The application that the IP attempted to access during bot detection. *** #### Detail Displays: * Total number of Anti-Bot detection **Hits** * Total number of **Verified** human interactions This provides a quick, at-a-glance assessment of whether the traffic is likely legitimate or automated. *** #### Duration The total time span during which the Anti-Bot event occurred. *** #### Start At The timestamp when the Anti-Bot system first detected suspicious automated activity. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vngcloud.vn/vng-cloud-document/vwaf/bot-protection.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.