Last updated 2023-12-06
This information is part of a limited availability release. For additional details, read our product and feature lifecycle descriptions.
Fastly's Bot Management product provides you with visibility into bot traffic, allowing you to identify bots and automations directly at Fastly's network edge, closer to where requests arrive and further away from your application layer. Using the knowledge you gain from this detection, you can enforce rulesets and policies in the Bot Management console as part of your web asset and application protection measures. Because not all bots are malicious, Bot Management offers controls that can help you decrease unwanted bot activity by allowing you to customize your interactions and automatically decide which bots are safe to interact with in your ecosystem.
As a limited availability feature, client fingerprinting incorporates JA3 fingerprinting and allows you to identify client types as long as that information is available as part of the TLS encrypted communication between a specific client and its server. This feature can help you detect bots designed for malicious activities such as credential stuffing, credential cracking, or IP rotation attacks.
This information is part of a beta release. For additional details, read our product and feature lifecycle descriptions.
This beta availability feature allows you to add a Next-Gen WAF signal to the logic of your active configuration rules that will help validate self-identified bots and thereby allow or block them as appropriate as requests arrive to the web applications you're protecting. This beta feature is available to Professional and Premier plan customers. For additional details on how to explore this beta feature, contact your account manager or email@example.com.
To purchase Bot Management, you must purchase Fastly's Next-Gen WAF at the Professional or Premier level for deployment on Fastly's Edge Cloud platform. This requires a paid account with a contract for Fastly's services.
Keep in mind the following limitations and considerations:
- When using the client challenges feature, you must choose between either interactive or non-interactive challenges for each service. Both cannot be active on a single service at the same time.
- Using client challenges for multiple host names requires custom VCL. If, for example, a service includes both www.example.com and api.example.com as hosts, client challenges will not behave as expected.
- Any client challenge exceptions required to exclude bots you want to access your site must be included in your custom VCL.
Fastly charges for Bot Management based on the volume of requests processed per month. These charges are separate from and do not include charges associated with the Fastly Full Site Delivery service nor with usage of the Fastly Next-Gen WAF.