Link11 WAAP
v2.16
v2.16
  • Link11 WAAP v2.16 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace onboarding
  • Console UI Walkthrough
    • General UI flow
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
      • Tag Rules
      • Rate Limiting
      • Cloud Functions
    • Settings
      • Web Proxy
      • Backend Services
      • Error Pages
      • SSL
      • DNS
      • Planet Overview
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits and Exemptions
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • Tags
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Reference Information

Hostile Bot Detection / RCSI

PreviousDeployment TerminologyNextEnvironmental detection and browser verification

Last updated 3 years ago

Was this helpful?

Most hostile bot activity involves headless browsers and mobile phone emulators. To detect these bots, most web security solutions rely on Javascript injection to detect the browser environment.

Unfortunately, these detection methods have become increasingly ineffective. The latest generations of bots use sophisticated software stacks, and they are able to masquerade as humans using normal browser environments.

To identify hostile bots, the Reblaze platform uses a variety of methods, collectively known as Reblaze Client Side Inspection (RCSI). Although Javascript plays a role within it, RCSI as a whole is unlike any other Javascript challenge in use today. RCSI is effective for protecting web applications, services/APIs, and mobile/native applications. (Some of the implementation details differ, depending on the context.)

RCSI detects bots via a multi-layered approach, described on the following pages:

Environmental detection and browser verification
Client authentication
Biometric behavioral verification