April 21, 2021

When do you need a dedicated bot management tool in addition to a WAF?

I know that most WAFs have basic bot blocking capabilities, but dedicated bot management solutions are typically much more powerful. But I’m not sure I understand when/why you need that extra power in blocking bots.

A couple examples I’ve thought of so far:

* Ecommerce websites in industries targeted by bot buyers, such as gaming consoles
* Websites that are targeted by scrapers, such as newspapers, stock sites, Amazon, etc.
* Web-based games that people might try to win via bots

It feels to me like a minority of websites would need a bot management solution…most should be fine to use their WAF to protect login pages, etc. and just ignore the rest of the bots. But maybe I’m missing something…would love to better understand why/when bot management is needed on a website!



“Bots” could also refer to automated scripts.

Your examples are perfect examples of when you need a dedicated and specialized solution. For most organizations, the bare minimum (which is 75% of what’s out there) that’s part of their existing solutions is fine.

Other examples would be sites that contain a lot of sensitive info. If all I need is a birthday and SSN to get access to address, CC info, email, phone, and other PII; I would want bot blockers on that. Reason being if there’s a leaked database out there that conains something like DOB and SSN, someone may write an automated script to take a two column database of leaked data and turn it into a 10 column database.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.