This guide provides an overview for integrating ShieldSquare Monitor Mode, Active Mode Real-time Protection and Active Mode Feed-Based Protection with your Fastly Edge Cloud Platform.
ShieldSquare can be integrated with:
- Monitor Mode
In Monitor mode, ShieldSquare VCL sends various parameters about the visitor to the Bot Manager engine for traffic analysis. This data is sent asynchronously using SYSLOG streaming of Fastly.
In this mode, all types of traffic are allowed to access your website and no action will be taken against the bots.
- Active Mode
- This mode allows you to take action against bots. There are two types of protection in active mode:
- Real-time Protection
This allows you to take real-time action on the bots having malicious intent.
Data is sent to the Bot Manager engine in a synchronous manner using Fastly's restart option. The Bot Manager will send response containing the action(Allow/CAPTCHA/Block) for the request in real-time.
- Feed-Based Protection
Feed based protection makes asynchronous calls to the Bot Manager API and allows you to take action on bots using Fastly's ACL Feed.
Bot Manager engine detects bots and generates a feed with bot signatures, at regular intervals. These can be consumed at Fastly's ACL to block them.
How Monitor Mode works
- Request from the user's browser will hit the nearest Fastly service.
- ShieldSquare VCL connector module residing in Fastly will stream the data asynchronously via SYSLOG to ShieldSquare Bot Engine for analysis.
- ShieldSquare Bot Engine will detect bot patterns from the incoming traffic and update bot reports in the ShieldSquare portal.
- After the Shieldsquare VCL execution, Fastly will serve the cached content to the user.
- Fastly will forward the request to the Origin Server for non-cached content.
- Origin server will serve the requested content back to the Fastly Cache server.
- Fastly Cache server will serve the page with the new content to the user.
How Active Mode Real-Time Protection works
- Request from user's browser / mobile hits the nearest Fastly service.
- ShieldSquare VCL residing in Fastly performs a synchronous signature lookup. In parallel it also streams the data asynchronously to ShieldSquare Bot Engine for analysis which detects bot pattern and updates reports in the ShieldSquare dashboard.
- A response for the signature lookup is sent back to the ShieldSquare VCL
- Following action will be taken based on the response received from the ShieldSquare
- Bot requests will be redirected to CAPTCHA or Block page.
- Good traffic will be allowed to access the requested page or resource.
- Fastly Engine performs a cache lookup for the data. If the data is not available, it is passed to the Origin Server.
- Origin Server in turn, sends a response back to Fastly.
- A response is then sent from Fastly to the client.
How Active Mode Feed-Based Protection works
Request from the user's browser will hit the nearest Fastly service
A ShieldSquare VCL residing within Fastly does a lookup from the ACL Container with the IP of the client request
ACL identifies the IP and labels it as either good or bad based on the availability of the IP from the lookup and responds back to the VCL
If the IP belongs to the legitimate traffic (that means ACL container does not have the IP from the client request), Fastly is notified and it responds back to the client with the cached content
If IP is available in the ACL Container, it is considered bad traffic and the request is sent to a server that throws a static block page to the client
If content is not cached in Fastly, a request is sent to the Origin Server
The Origin Server responds back with content to Fastly, which is then cached
A response with the appropriate page is sent to the client
Feed Manager ACL update
101. ACL Feed Manager will be running a cron job every 5 mins which triggers an HTTP request every time to collect the updated Feed from the Bot engine
102. Bot engine prepares the list of bad IPs to be added in captcha-list or block-list in JSON and sends it back to the Feed Manager.
103. Feed manager decodes this JSON and programs the ACL container