Release Notes and Announcements

Release Notes

Security Announcement

Announcements

Product Introduction

Overview

Strengths

Use Cases

Comparison Between EdgeOne and CDN Products

Use Limits

Purchase Guide

Description of Trial Plan Experience Benefits

Free Plan Guide

Billing Overview

Billing Items

Subscriptions

Renewals

Instructions for overdue and refunds

Comparison of EdgeOne Plans

About "clean traffic" billing instructions

DDoS Protection Capacity Description

Getting Started

Choose business scenario

Quick access to website security acceleration

Quick deploying a website with Pages

Domain Service&Origin Configuration

Domain Service

HTTPS Certificate

Origin Configuration

Site Acceleration

Overview

Access Control

Smart Acceleration

Cache Configuration

File Optimization

Network Optimization

URL Rewrite

Modifying Header

Modify the response content

Rule Engine

Image&Video Processing

Speed limit for single connection download

DDoS & Web Protection

Overview

DDoS Protection

Web Protection

Bot Management

API Discovery（Beta）

Edge Functions

Overview

Getting Started

Operation Guide

Runtime APIs

Sample Functions

Best Practices

Pages

L4 Proxy

Overview

Creating an L4 Proxy Instance

Modifying an L4 Proxy Instance

Disabling or Deleting an L4 Proxy Instance

Batch Configuring Forwarding Rules

Obtaining Real Client IPs

Data Analysis&Log Service

Log Service

Data Analysis

Alarm Service

Site and Billing Management

Billing Management

Site Management

Version Management

General Policy

General Reference

Configuration Syntax

Request and Response Actions

Country/region and Corresponding Codes

Terraform

Overview

Installing and Configuring Terraform

Practical Tutorial

EdgeOne Skill User Guide

Automatic Warm-up/Cache Purge

Resource Abuse/hotlinking Protection Practical

HTTPS Related Practices

Acceleration Optimization

Scheduling Traffic

Data Analysis and Alerting

Log Platform Integration Practices

Configuring Origin Servers for Cloud Object Storage (Such As COS)

CORS Response Configuration

API Documentation

History

Introduction

API Category

Making API Requests

Site APIs

Acceleration Domain Management APIs

Site Acceleration Configuration APIs

Edge Function APIs

Alias Domain APIs

Security Configuration APIs

Layer 4 Application Proxy APIs

Content Management APIs

Data Analysis APIs

Log Service APIs

Billing APIs

Certificate APIs

Origin Protection APIs

Load Balancing APIs

Diagnostic Tool APIs

Custom Response Page APIs

API Security APIs

DNS Record APIs

Content Identifier APIs

Legacy APIs

Ownership APIs

Image and Video Processing APIs

Multi-Channel Security Gateway APIs

Version Management APIs

Data Types

Error Codes

FAQs

Product Features FAQs

DNS Record FAQs

Domain Configuration FAQs

Site Acceleration FAQs

Data and Log FAQs

Security Protection-related Queries

Origin Configuration FAQs

Troubleshooting

Reference for Abnormal Status Codes

Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes

520/524 Status Code Troubleshooting Guide

521/522 Status Code Troubleshooting Guide

Tool Guide

Agreements

Service Level Agreement

Origin Protection Enablement Conditions of Use

TEO Policy

Data Processing And Security Agreement

Glossary

Action

PDF

Focus Mode

Font Size

Last updated: 2025-10-20 14:39:56

The bot management module provides multiple action methods. The processing rules for different action methods are as follows:
Action
Purpose
Action description
Subsequent action
Block
Used to block request access to the site (including Cache or non-Cache content).
Responded with an intercept page and intercept status code.
No longer match other Rules.
Allow
Used to skip the remaining rules of the current Security module.
In the current module, the remaining rules no longer match the request.
Continue to match other Effective rules.
Observe
Used for evaluating or Canary security policy.
Only records log, does not take action.
Continue to match other rules.
JavaScript challenge
Used to identify Clients that do not support JavaScript Note 1, commonly found in DDoS attack sources, scanning tools, etc.
Responded with a page containing JavaScript, the page carries JavaScript code to verify the browser behavior of the Client and then performs a redirect.only visitors who pass the verification can continue to access.
Requests that pass the challenge continue to match other rules.
Managed challenge
Used for bot confrontation, first perform JavaScript challenge verification, and then perform CAPTCHA human-machine verification for requests that pass the verification.
First, perform a JavaScript challenge; for Clients that pass the verification, respond with a redirect (HTTP 302) page, carry a CAPTCHA verification, and the user completes the verification through interactive operation. Only visitors who pass both verifications can continue to access.
Requests that pass the challenge continue to match other rules.
Silent drop
Belongs to a more intense bot confrontation mechanism, limiting bot concurrent ability by consuming bot network connections.
Maintain TCP connections, but no longer respond to any HTTP Data.
No longer match other management strategies.
Delayed response(short)
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 1-5 seconds before responding.
No longer match other management strategies.
Delayed response(long)
Mainly used to limit bot concurrent ability, with obfuscation feature Note 2.
Randomly wait 8-10 seconds before responding.
No longer match other management strategies.
Note:
﻿Note 1: 
Browser Clients that support JavaScript can normally pass the JavaScript challenge verification, while Clients that do not support JavaScript (such as cURL) cannot pass the verification.
﻿Note 2:
 Generally speaking, when bot operators detect that their bots are being restricted by bot management policies, they may adjust the characteristics of their bots to bypass bot policies, thereby increasing the difficulty of bot identification. Therefore, long-term operational bot confrontation mechanisms usually have obfuscation features, that is, it is difficult for bot operators to intuitively judge whether their bots are restricted by bot management policies. Confrontation mechanisms with obfuscation features can reduce the cost and difficulty of bot operators without increasing the difficulty of bot identification.
Supports multiple action methods for random execution
Random execution of multiple action methods can help your bot management strategy achieve higher obfuscation intensity, making it more difficult for bot operators to detect. Custom bot rules support the use of multiple action methods to handle requests, and you can configure multiple action methods and their corresponding weights. When the rule matches the request, one of the action methods will be randomly selected for processing based on the weight configuration.
Note:
This capability is only available for configuration within custom bot rules.
﻿

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

Tencent Cloud EdgeOne

Action

Supports multiple action methods for random execution

Help and Support

Action	Purpose	Action description	Subsequent action
Block	Used to block request access to the site (including Cache or non-Cache content).	Responded with an intercept page and intercept status code.	No longer match other Rules.
Allow	Used to skip the remaining rules of the current Security module.	In the current module, the remaining rules no longer match the request.	Continue to match other Effective rules.
Observe	Used for evaluating or Canary security policy.	Only records log, does not take action.	Continue to match other rules.
JavaScript challenge	Used to identify Clients that do not support JavaScript ^{Note 1}, commonly found in DDoS attack sources, scanning tools, etc.	Responded with a page containing JavaScript, the page carries JavaScript code to verify the browser behavior of the Client and then performs a redirect.only visitors who pass the verification can continue to access.	Requests that pass the challenge continue to match other rules.
Managed challenge	Used for bot confrontation, first perform JavaScript challenge verification, and then perform CAPTCHA human-machine verification for requests that pass the verification.	First, perform a JavaScript challenge; for Clients that pass the verification, respond with a redirect (HTTP 302) page, carry a CAPTCHA verification, and the user completes the verification through interactive operation. Only visitors who pass both verifications can continue to access.	Requests that pass the challenge continue to match other rules.
Silent drop	Belongs to a more intense bot confrontation mechanism, limiting bot concurrent ability by consuming bot network connections.	Maintain TCP connections, but no longer respond to any HTTP Data.	No longer match other management strategies.
Delayed response(short)	Mainly used to limit bot concurrent ability, with obfuscation feature ^{Note 2}.	Randomly wait 1-5 seconds before responding.	No longer match other management strategies.
Delayed response(long)	Mainly used to limit bot concurrent ability, with obfuscation feature ^{Note 2}.	Randomly wait 8-10 seconds before responding.	No longer match other management strategies.