Enabling Bot IP Shield

Set up and enable Bot IP Shield in the Webscale Control Panel

Bot IP Shield is an add-on feature from Webscale that allows you to protect your application from known attack sources. Webscale has partnered with Webroot’s BrightCloud® IP Reputation Service to maintain IP reputation data that is updated every 5 minutes to reflect the latest attack sources.

After enabling this feature, configure shielding for the application that you want to protect. Then, create Web Controls to handle traffic from sources that you consider a threat. For example, you could configure the Web Control to deny requests from a request IP if it is a known threat.

Set up Bot IP Shield

Edit Web Control Box
To add the Web Control
  1. On the Web Controls page, click Add a Web Control.
  2. Enter a name and description for the new Web Control. Click Add condition.
  3. From the condition drop-down menu, select IP address is a Threat
  4. Click Save.
Edit Web Control Box
To configure the Web Control action
  1. Click Add action.
  2. From the Type drop-down menu, select Deny Request. You can also edit the HTTP status code and response body.
  3. Click Add Action.
  4. Click Done to create the action.
  5. On the Web Controls page, click Done to create the Web Control.
Enable Bot IP Shield Web Control
To enable the Web Control
  1. On the Web Controls page, select the Web Control.
  2. Click the toggle for it.
  3. Click the Enable checkbox.
  4. Click Apply.

  5. Webscale will now deny any request from an IP flagged as a threat.
Traffic Viewer Column Selection
You can configure Traffic Viewer to view threat requests from Traffic Viewer. For information on how to access Traffic Viewer for your application, see To access Traffic Viewer.

To add the threat column
  1. On the Traffic Viewer page for your application, click Columns.
  2. Select the Threat checkbox.

  3. You can now see the Threat label in the traffic data.
Traffic Viewer Graph
You can filter traffic results to only display requests labeled as a threat.

To filter traffic for only requests tagged as a threat
  1. Access the Traffic Viewer page for your application.
  2. Enter threat=y into the Filter field.

  3. The records view of the query results only displays logs that match the filter criteria.

Further reading

Have questions not answered here? Please Contact Support to get more help.

Last modified April 21, 2020