# Hostile Bot Detection / LWCSI

For detecting hostile bots, Link11 WAAP uses a multi-layered mechanism, collectively known as "bot challenges". Its results are shown to admins in the ["challenges" metric](/how-link11-waap-works/traffic-reporting-and-analytics.md#metrics) in L11WAAP's analytics; for a discussion of how challenges impact traffic statistics, see [here](/how-link11-waap-works/traffic-reporting-and-analytics.md#the-challenge-process) and [here](/how-link11-waap-works/traffic-reporting-and-analytics.md#how-requests-are-reflected-in-l11waaps-statistics).

Bot challenges mitigate threats based on the requestor's identity and environment. When L11WAAP receives the first request from a previously unknown traffic source (referred to below as the "user"), it typically follows this process.

1. **L11WAAP challenges the user's browsing environment.** L11WAAP uses a variety of proprietary, multi-faceted techniques to verify that this requestor is a human using a browser, instead of a bot using a headless browser or emulator. (For more detailed information, see [Environmental detection and browser verification](/reference-information/hostile-bot-detection-lwcsi/environmental-detection-and-browser-verification.md).)
2. **If the challenge is not passed, the requestor is suspected to be a bot, and another challenge is issued.** This process continues until a challenge is passed, or a threshold is reached (e.g., via a Dynamic Rule) to ban the requestor.
3. **If the challenge is passed, the browser's session is authenticated**, and the browser receives cookies from L11WAAP.
4. **The browser then automatically resubmits the original request**, but this time, the cookies are included. The user is granted access to the requested URL, resources, etc.
5. **Subsequent requests will also include the cookies,** and thus, they are not challenged.

This process happens quickly (in a few milliseconds), and is **invisible** to the user.
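The five steps above, modelled as a small decision gate in Python. This is an added illustration, not Link11's code: the HMAC-signed cookie bound to a `client_id`, the `BAN_THRESHOLD` value, and the `challenge_passed` verdict (standing in for the proprietary browser check) are all assumptions.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # assumed per-deployment cookie-signing key
BAN_THRESHOLD = 3                 # constructed value; the page only says "a threshold"


def sign(client_id: str) -> str:
    """Assumed cookie format: an HMAC that binds the cookie to one client."""
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()


class ChallengeGate:
    def __init__(self):
        self.failures = {}   # client_id -> failed challenges so far
        self.banned = set()

    def handle(self, client_id, cookie=None, challenge_passed=None):
        """Return (decision, cookie_to_set) for one request.

        challenge_passed is None when the request carries no challenge
        answer, otherwise the verdict of the browser check (not modelled).
        """
        if client_id in self.banned:
            return "ban", None
        # Step 5: a valid cookie means the session is already authenticated.
        if cookie is not None and hmac.compare_digest(
            cookie.encode(), sign(client_id).encode()
        ):
            return "allow", None
        # Step 3: challenge passed, so authenticate the session and set cookies.
        # Step 4 is the browser resubmitting the original request with them.
        if challenge_passed:
            self.failures.pop(client_id, None)
            return "resubmit", sign(client_id)
        # Step 2: a failed answer counts toward the ban threshold.
        if challenge_passed is False:
            self.failures[client_id] = self.failures.get(client_id, 0) + 1
            if self.failures[client_id] >= BAN_THRESHOLD:
                self.banned.add(client_id)
                return "ban", None
        # Step 1 (first contact) or step 2 (retry): issue a challenge.
        # A missing, forged or replayed cookie also ends up here.
        return "challenge", None
```

Each `"challenge"` decision in this model corresponds to one event that would be counted in the "challenges" metric.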

Much of the challenge process is based on a variety of methods, collectively known as Link11 WAAP Client Side Inspection (**LWCSI**). It detects bots via a multi-layered approach, described on the following pages:

* [Environmental detection and browser verification](/reference-information/hostile-bot-detection-lwcsi/environmental-detection-and-browser-verification.md)
* [Client authentication](/reference-information/hostile-bot-detection-lwcsi/client-authentication.md)
* [Biometric behavioral verification](/reference-information/hostile-bot-detection-lwcsi/biometric-behavioral-verification.md)

{% hint style="info" %}
Out of the box, L11WAAP uses "active" bot challenges. **We also recommend that admins enable "passive" challenges.** More information is here: [Active Challenges versus Passive Challenges](/how-link11-waap-works/traffic-reporting-and-analytics.md#active-challenges-versus-passive-challenges).
{% endhint %}

Lastly, in addition to the LWCSI mechanisms described above, L11WAAP also includes [Interactive Challenges](/console-walkthrough/system/interactive-challenge.md).


