Configuring BitFire Bot Control

Version 3.5.1+

BitFire Bot Control configuration guide

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.
Controlling Web Robots
Controlling automated web scanners

About web scanners and bots

Automated web scanners, also known as web crawlers or bots, are important tools for many legitimate online activities such as search engine indexing and online price comparison. However, these scanners can also be used for malicious purposes, such as stealing sensitive information, launching DDoS attacks, or even spreading malware. For this reason, automated web scanners must be blocked to protect the information and systems of individuals and organisations.

Beyond stealing sensitive information, automated web scanners can also be used for DDoS attacks. They can send large numbers of requests to a website, overwhelming the server and taking the site offline. This can disrupt business operations and damage a company's reputation.

Automated web scanners can also be used to spread malware. They can be programmed to search websites and systems for vulnerabilities and then exploit them to install malware or launch attacks, causing significant damage to the information and systems of individuals and organisations.

Controlling automated bots

What is BitFire Bot Control?

The Bot Control page in the BitFire dashboard lets you control precisely how each bot is handled. Many thousands of automated crawlers, tools, scanners, bots and other automated systems access web sites on the Internet. Many of these bots are benign and useful, but some are not.

BitFire's remote API maintains a list of several thousand bots. Each of these bots has network authentication information that is used to securely identify it. Secure network identification identifies the source network of the request; this ensures that bots claiming to be "GoogleBot" are only allowed from Google IP addresses, and not from Romania or Colombia, etc.

How does it work?

By default, BitFire allows all known benign bots that pass secure network authentication. Any time a new bot is seen accessing the website, BitFire authenticates the bot, and if the secure auth check passes the bot is allowed.

During the learning phase, the first 5 days of operation, any bot BitFire sees is added to the allow list for the origin network it was seen from. This ensures that any unknown web tool or third-party service will still be allowed access once the Firewall is in full block mode.

Understanding the Bot Control page

The Bot Control page contains extensive information about every bot that accesses the website. You can switch between known and unknown bots with the "Show Known Bots" toggle switch. All bots are ordered by when they were last seen.

Example bot list item

  1. Bot icon, shown if the bot is recognised. The first indicator that the bot is not malicious.
  2. Bot name from bot identification. Clicking the name opens a web page with more information.
  3. Bot vendor name.
  4. The full User-Agent sent by the bot.
  5. When the bot was first seen and when it was last seen.
  6. Number of invalid page requests. A higher number indicates malicious behaviour.
  7. Number of requests that failed network authentication.
  8. Number of requests that passed network authentication.
  9. Green - network authentication verified. Black - blocked. Red - allowed from anywhere.
  10. The first 30 IP addresses seen using this bot's User-Agent.
  11. The domain networks for which secure authentication is valid.
  12. List of the bot's countries of origin.
  13. Known internal classification.
  14. Bot control button. Click to change how the bot is handled.

Using Bot Control effectively

To use the bot control provided by BitFire effectively, review the known and unknown bot pages after Firewall learning is complete. Take a moment to look through the list. Make sure that any third-party tools or services you use are set to either "Authenticated" or "ANY IP". Most bots and services can be restricted to authenticated IPs and networks, but some services may not have static networking and must be set to "ANY IP".

Be careful when configuring any bot to allow "ANY IP", as this allows anyone anywhere on the planet to use that User-Agent to bypass your bot filtering. The more well known the bot (think GoogleBot, Bing, etc.), the more likely setting it to "ANY IP" will result in abuse. It is very unlikely that an attacker would set their User-Agent to "Bob's Unknown Third Party Tool" in the hope of bypassing Firewall filtering. Popular search engines are the most likely to be abused.
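To make the decision logic described in "How does it work?" and the three handling modes above concrete, here is an added Python model of a bot list entry and the per-request check. It is illustrative code written for this guide, not BitFire's own implementation; the rule fields, mode names, the learning-phase /24 rule and the sample CIDR blocks are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Handling modes for a bot list entry (constructed names for the green, red and black states).
AUTHENTICATED = "authenticated"  # allow only from the bot's verified networks
ANY_IP = "any_ip"                # allow from any address, no network check
BLOCKED = "blocked"              # block regardless of origin

@dataclass
class BotRule:
    name: str
    ua_marker: str                  # substring identifying the bot's User-Agent
    networks: list = field(default_factory=list)  # CIDR blocks it may come from
    mode: str = AUTHENTICATED
    passed_auth: int = 0            # counters shown on the bot list item
    failed_auth: int = 0

def match_bot(rules, user_agent):
    """Return the first rule whose marker appears in the User-Agent, else None."""
    ua = user_agent.lower()
    return next((r for r in rules if r.ua_marker.lower() in ua), None)

def network_auth(rule, ip):
    """Secure network identification: is the source IP inside an allowed block?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in rule.networks)

def learn(rules, user_agent, ip):
    """Learning phase: add an unseen bot, allowed only from its origin /24 (IPv4 assumed)."""
    origin = ipaddress.ip_network(f"{ip}/24", strict=False)
    rules.append(BotRule(user_agent, user_agent, [str(origin)]))

def decide(rules, user_agent, ip):
    """Return 'allow', 'block' or 'unknown' for one request."""
    rule = match_bot(rules, user_agent)
    if rule is None:
        return "unknown"            # listed on the unknown-bots page
    if rule.mode == BLOCKED:
        return "block"
    if rule.mode == ANY_IP:
        return "allow"              # User-Agent alone is trusted: abusable
    if network_auth(rule, ip):
        rule.passed_auth += 1
        return "allow"
    rule.failed_auth += 1
    return "block"

# Constructed sample list; the CIDR block is a documentation range, not any vendor's real network.
SAMPLE_RULES = [
    BotRule("Googlebot", "googlebot", ["203.0.113.0/24"]),
    BotRule("UptimeChecker", "uptimechecker/1.0", mode=ANY_IP),
    BotRule("NoisyScanner", "noisyscanner", mode=BLOCKED),
]
```

A request with a Googlebot User-Agent from outside the allowed block is blocked and counted as a failed authentication, while the "ANY IP" entry is allowed from anywhere, which is exactly the exposure the paragraph above warns about.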

Allowed bots are still filtered by the Firewall

Note that even when a bot is allowed in Bot Control, the BitFire Firewall features still run. This includes XSS, SQLi, CSRF, SSRF, XXE and the other firewall features. Bot Control is intended to stop scanners looking for unknown or hard-to-detect abuse from completing their scans.
