> For the complete documentation index, see [llms.txt](https://docs.greennode.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.greennode.ai/vwaf/bot-protection.md).

# Bot Protection

### Overview

The **Anti-Bot** module detects and mitigates automated traffic that may negatively impact applications, such as crawlers, scanners, brute-force bots, or scripted clients.

It provides monitoring and verification mechanisms to distinguish between **legitimate human users** and **automated tools**.

The **Anti-Bot** page displays all IP addresses that triggered bot-detection checks on any protected application.

***

### Anti-Bot Logs Overview

This page lists detection events generated by the Anti-Bot engine.

Each row represents bot-like activity from a specific IP address interacting with a specific application.

For each event, the system displays:

* IP address
* Country of origin
* Targeted application
* Detection details (Hits / Verified)
* Duration of the bot activity
* Start time of the detection event

This overview allows administrators to quickly identify suspicious automated traffic patterns.

***

### Detection Details

Each Anti-Bot event includes two key metrics:

#### Hits

The number of times an IP address triggered Anti-Bot detection checks.

Hits increase when client behavior resembles automation, such as:

* Sending too many requests in a short period
* Accessing suspicious or sensitive endpoints
* Missing or abnormal browser fingerprints
* Unusual or malformed HTTP header patterns

***

#### Verified

The number of times the Anti-Bot system successfully verified that the client was a **real human**, not a bot.

Verification methods may include:

* Browser challenge tests
* Behavioral analysis
* Fingerprint validation

If the **Verified** count is significantly lower than **Hits**, the traffic is likely automated.

***

### Filters

Users can refine the displayed Anti-Bot events using the following filters:

#### IP Address

Filter results for a specific client IP.

#### Application

Display bot activity for a selected protected application only.

#### Start At / End At

Limit results to a specific date and time range.

#### Clear Filters

Reset all filters and return to the full list.

These filters help narrow down bot-related traffic for faster investigation.

***

### Table Columns Explained

#### IP Address

The client IP generating bot-like behavior.\
Geolocation information is included to help identify foreign or suspicious sources.

***

#### Application

The application that the IP attempted to access during bot detection.

***

#### Detail

Displays:

* Total number of Anti-Bot detection **Hits**
* Total number of **Verified** human interactions

This provides a quick, at-a-glance assessment of whether the traffic is likely legitimate or automated.

***

#### Duration

The total time span during which the Anti-Bot event occurred.

***

#### Start At

The timestamp when the Anti-Bot system first detected suspicious automated activity.
