Oracle Cloud Infrastructure Documentation

Good Bot Allowlist Management for Edge Policies

Describes the to use and management of the good bot allowlist for an edge policy.

Good bots provides the list of bots managed by known providers, such as Baidu or Google. You can allow the access from a specific good bot, or block the bot if they serve no business purpose. Allowed good bots from this section are allowlisted.

Allowlisted bots are flagged with a Bypass action in the edge policy logs. You can select the Bypass check box from the Action filter in Logs to search for the traffic allowed from these rules. Logged good bot events are categorized as a Threat Intelligence Leads log type, however, they are not a threat when the action taken is to Bypass.

The list of good bots on this menu is managed and continuously updated. Other good bots can be added as a new access control rule in Access Control.

Use one of the following methods to manage the good bot allowlist for an edge policy.

    1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

      Alternatively, open the Web Application Firewall page and click Policies under Resources.

      The WAF Policies page appears.

    2. Select the Compartment from the list.

      All the WAF policies in that compartment are listed in tabular form.

    3. (Optional) Apply one or more of the following Filters to limit the edge policies displayed:

      • State

      • Name

      • Policy Type: Select Edge Policy.

    4. Click the name of the edge policy for which you want to edit and enable the JavaScript challenge. 

      The Details page of the edge policy you selected appears.

    5. Click Bot Management under WAF Policy.

      The Bot Management list appears.

    6. Select the Good Bot Whitelist tab.

      The Good Bot Whitelist tab lists the bots managed by known providers that you can add to a whitelist. Enabling a good bot lets it bypass all challenges.

    7. Check each bot that you want to designate as a good bot. You can also check the Disable All or Enable All buttons.

  • Use the oci waas good-bot update command and required parameters to use and manage the good bot allowlist for an edge policy:

    oci waas good-bot update --good-bots good-bots --waas-policy-id waas_policy_ocid [OPTIONS]

    The good-bots value is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Use the UpdateGoodBots operation to manage your good bot whitelist.