Radware Bot Manager documentation

Radware Bot Manager - HAProxy Plugin

Introduction

This documentation provides an overview on how to integrate Radware Bot Manager solution at your HAProxy load balancer.

Pre-requisites

  • LUA version 5.3.x
  • HAProxy (version 2.0 to 2.2) compiled with LUA and OpenSSL

Getting Started

You can enable Monitor Mode or Active Mode for your application using the Bot Manager plugin. 

Monitor Mode

  • In Monitor mode, asynchronous calls are made to the Bot Manager API that sends various parameters about the visitor which allow Bot Manager engine to analyse the bot traffic and passively collect the data. 
  • In this mode, all type of traffic is by default set to allow to access your application. No action is taken against the bots 

Active Mode

Using Active mode you can take real-time actions against bad actors on your application. There are 2 ways in which you can use active mode:

(1) Real Time Protection 

  • This allows you to take real-time action on the bots having malicious intent. 
  • In Real-time protection, synchronous calls are made to Bot Manager engine which responds with response code (0-Allow, 2-Captcha, 3-Block, 4-Feed Fake Data) in real time. These response codes are used to take required action against the bots. 
  • This is recommended when you want to take action against bots at server/application level. 

 (2) Feed Based Protection 

  • In Feed based protection, you can asynchronously fetch Bad Bot IP / Signature feed at regular intervals using Bot Manager Feed APIs. Feed fetched can be stored in the ACL available in you HAProxy to take action against bots.

Monitor Mode

How it works

  1. Request from client reaches HAProxy Load Balancer
  2. SPOE filter in HAProxy collect the required parameters for Bot Engine
  3. SPOE sends this packet to SPOA via SPOP protocol
  4. SPOA prepares the data packets complying with Bot Engine and posts the same asynchronously to Bot Manager
  5. Bot Manager responds back to HAProxy via SPOA
  6. HAProxy forwards the request to the configured backend(s)
  7. Response is sent back to client via HAProxy

Steps to integrate Monitor Mode

Integrating HA Proxy is a 4 step process:

1. Create the Bot Manager Account

A Bot Manager account needs to be created for the application you wish to integrate the plugin with. Post successful registration, you will be provided with an option to select the HAProxy plugin from the Bot Manager Portal

2. Integrate the HA Proxy Plugin

From the Bot Manager portal you can download the HAProxy plugin. The downloaded plugin kit will need to be configured and placed in your application. A step-by-step plugin configuration details will be provided to the users during the integration. Post integration the HAProxy service will have to be restarted. Integration will have to be carried out using Sandbox ID to start with.

3. Verify Integration

Successful integration can be verified from the Bot Manager Portal itself.

4. Move Changes to Production

Production SID will need to be replaced with the Sandbox ID and HA Proxy service will have to be restarted.

Active Mode

How it works 

  1. Request from client reaches HAProxy Load Balancer 
  2. SPOE filter in HAProxy collects the required parameters for Bot Engine 
  3. SPOE sends this packet to SPOA via SPOP protocol 
  4. SPOA posts this to Bot Manager for analysis 
    • Bot requests will be redirected to Captcha / Block using ACLs configured in HAProxy frontend 
    • Good traffic will be allowed to contact the Origin Server, HAProxy forwards the response to client from Backend 

Steps to integrate Active Mode

Carry out all monitor mode steps

All steps mentioned in Monitor Mode need to be carried out.

Set Actions to be taken against Bots

Login to the bot manager portal and switch the "Monitor" mode toggle to "Active". Configure the actions (Allow / CATCHA/ Feed Fake Data, etc) for bot responses.

Configuration changes

Edit the Bot Manager lua file to change the mode parameter to “Active”. Edit changes provided in the the HAProxy configuration file (will be shared in the Integration document). Restart HAProxy service,   


Write to botmanager_support@radware.com for details on Feed Based protection or other clarifications.


© 2020 All Rights Reserved. Radware Bot Manager