Bot Mitigation
In this section we will focus on the following Bot Mitigation modules of FortiADC’s Web Application Firewall, which protect web servers from automated bot attacks:
- Configuring a Bot Detection Policy
- Configuring a Threshold Based Detection Policy
- Configuring a Biometrics Based Detection Policy
- Configuring a Fingerprint Based Detection Policy
Configuring a Bot Detection Policy
Bot Detection policies employ signature based analysis and behavioral tracking to identify client traffic likely generated by automated bots rather than genuine human users. Legitimate bots, such as search engine crawlers, are classified as “good bots” because they perform essential search indexing operations, which can increase the visibility of your site to legitimate users.
Conversely, “bad bots” are known to generate malicious traffic that can compromise site availability and integrity. Examples of such activities include Distributed Denial of Service (DDoS) attacks and content scraping. To mitigate these threats, it is crucial to deploy effective bot mitigation strategies, such as IP reputation analysis, rate limiting, anomaly detection algorithms, and CAPTCHA challenges, to identify and block these harmful bots in real-time.
Log in to the FortiADC (FAD-Primary) with the username xperts2025 and the password AppSec-Xp3rts2025!
Go to Web Application Firewall → Bot Detection
You will notice that when we accepted the recommendations from Adaptive Learning, a policy was automatically added to the Bot Detection module, so we do not need to create a new one.

Configuring a Threshold Based Detection Policy
- Go to Web Application Firewall → Threshold Based Detection policy
- You will notice several policies that ship with FortiADC by default. You can use these, but you cannot customize them, so we will create a new one below.
- Click on +Create New

- Name:
Threshold-Based-Detection-Policy
- Enable the toggle for Crawler Status
- Response Code:
403,404
- Keep everything default under Crawler Status
- Enable the toggle for Content Scraping Status
- Select all under Content Type
- Keep everything default under Content Scraping Status

- Enable the toggle for Attack Detection Status
- Select all under Attack Modules
- Keep everything default under Attack Detection
- Click Save
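To show what a threshold-based policy like the one above is doing conceptually, here is an added Python example. It is not FortiADC code and does not reproduce FortiADC's internal logic: the log format, the window length, the thresholds and the sample log lines are all constructed for illustration. It counts 403/404 responses (the Crawler Status check) and successful content fetches (the Content Scraping check) per client IP over a sliding time window and flags a client that crosses either limit.

```python
"""Illustrative threshold-based bot detection (added example, not FortiADC code).

Two counters are kept per client IP over a sliding window:
  - error responses (403/404) -> "crawler" verdict when the limit is reached
  - successful fetches of selected content types -> "content-scraping" verdict
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified access-log format assumed for this example:
#   <ip> [<ISO timestamp>] "<method> <path>" <status> <content-type>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) (?P<ctype>\S+)$'
)

# Constructed sample log: 10.0.0.5 hammers non-existent/forbidden paths,
# 10.0.0.7 pulls many HTML pages in a few seconds, 10.0.0.9 and 10.0.0.8 look human.
SAMPLE_LOG = """\
10.0.0.5 [2025-03-01T10:00:00] "GET /index.html" 200 text/html
10.0.0.5 [2025-03-01T10:00:01] "GET /page-a" 404 text/html
10.0.0.5 [2025-03-01T10:00:02] "GET /page-b" 404 text/html
10.0.0.5 [2025-03-01T10:00:03] "GET /private" 403 text/html
10.0.0.5 [2025-03-01T10:00:04] "GET /page-c" 404 text/html
10.0.0.5 [2025-03-01T10:00:05] "GET /page-d" 404 text/html
10.0.0.9 [2025-03-01T10:00:10] "GET /index.html" 200 text/html
10.0.0.9 [2025-03-01T10:00:11] "GET /missing" 404 text/html
10.0.0.7 [2025-03-01T10:00:20] "GET /p/1" 200 text/html
10.0.0.7 [2025-03-01T10:00:21] "GET /p/2" 200 text/html
10.0.0.7 [2025-03-01T10:00:22] "GET /p/3" 200 text/html
10.0.0.7 [2025-03-01T10:00:23] "GET /p/4" 200 text/html
10.0.0.7 [2025-03-01T10:00:24] "GET /p/5" 200 text/html
10.0.0.7 [2025-03-01T10:00:25] "GET /p/6" 200 text/html
10.0.0.8 [2025-03-01T10:01:00] "GET /p/1" 200 text/html
10.0.0.8 [2025-03-01T10:01:30] "GET /p/2" 200 text/html
10.0.0.8 [2025-03-01T10:02:00] "GET /p/3" 200 text/html
"""


class ThresholdDetector:
    def __init__(self, window_seconds=10, crawler_codes=(403, 404), crawler_limit=4,
                 scrape_types=("text/html", "application/json"), scrape_limit=5):
        # All thresholds here are assumed values chosen for the example.
        self.window = timedelta(seconds=window_seconds)
        self.crawler_codes = set(crawler_codes)
        self.crawler_limit = crawler_limit
        self.scrape_types = set(scrape_types)
        self.scrape_limit = scrape_limit
        self.err_events = defaultdict(deque)    # ip -> timestamps of 403/404 responses
        self.fetch_events = defaultdict(deque)  # ip -> timestamps of successful content fetches
        self.verdicts = {}                      # ip -> set of reasons

    def _record(self, store, ip, ts):
        """Append an event and drop events older than the window; return the count."""
        q = store[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q)

    def observe(self, line):
        """Feed one log line; return the set of reasons triggered by it, or None."""
        m = LOG_RE.match(line)
        if not m:
            return None  # unparsable line: ignored rather than guessed at
        ip, status, ctype = m["ip"], int(m["status"]), m["ctype"]
        ts = datetime.fromisoformat(m["ts"])
        reasons = set()
        if status in self.crawler_codes and \
                self._record(self.err_events, ip, ts) >= self.crawler_limit:
            reasons.add("crawler")
        if status == 200 and ctype in self.scrape_types and \
                self._record(self.fetch_events, ip, ts) >= self.scrape_limit:
            reasons.add("content-scraping")
        if reasons:
            self.verdicts.setdefault(ip, set()).update(reasons)
        return reasons or None


def analyze(log_text, **kwargs):
    """Run the detector over a whole log and return {ip: [reasons]} for flagged clients."""
    det = ThresholdDetector(**kwargs)
    for line in log_text.splitlines():
        if line.strip():
            det.observe(line)
    return {ip: sorted(r) for ip, r in det.verdicts.items()}


if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

Raising `crawler_limit` or widening the window changes who gets flagged, which is the trade-off the policy's threshold settings control: a low limit catches crawlers quickly but risks flagging a human who mistypes a few URLs, while a high limit is quieter but slower to react.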


Configuring a Biometrics Based Detection Policy
- Go to Web Application Firewall → Biometrics Based Detection
- Click on +Create New

- Name:
Biometrics-Based-Detection-Policy
- Keep everything default.
- Click Save

- Click on +Create New

- Under Request URL, type
/.*
- Click Save

- Click Save once more.

Configuring a Fingerprint Based Detection Policy
- Go to Web Application Firewall → Fingerprint Based Detection Policy
- Click on +Create New

- Name:
Fingerprint-Based-Detection-Policy
- Keep everything default.
- Click Save

- Click on +Create New

- Under Request URL, type
/.*
- Click Save

- Click Save once more.

Configuring the DVWA WAF Profile with Bot Mitigation Modules
- Now, we will add the Bot Mitigation Modules to the DVWA WAF Profile.
- Double click DVWA

- Select the highlighted Bot Mitigation modules from their respective dropdowns and click Save.
