tencent cloud

Web Application Firewall

Multi-Scene Mode

Download
Mode fokus
Ukuran font
Terakhir diperbarui: 2026-07-13 09:35:05
Through scenario configuration in BOT Management, you can quickly create protection policies tailored to your business scenarios. It also supports creating multiple scenarios based on different business types to reduce the risk of your website's core APIs and business being threatened by BOTs. BOT Management supports two configuration modes by default: Simple Mode and Multi-Scenario Mode, to meet the configuration needs of different users.
Single scene: If you only need to quickly deploy a baseline protection policy for all paths of a domain, we recommend using Simple Mode. This mode enables you to quickly enable expert preset rule sets, frontend countermeasures, and intelligent analysis features to monitor BOT traffic in your business. You can observe the matched traffic and then switch to Block Mode.
Multi-Scene Mode: If you need to deploy different personalized protection configurations for different paths of a domain, we recommend using Multi-Scenario Mode. This mode supports enabling different expert preset basic rule sets and custom rule sets for different path configurations and business scenarios (such as flash sales, anti-scanning, and anti-crawling). You can observe the matched traffic and then switch to Block Mode.
This document describes the operation guide for Multi-Scenario Mode.

Prerequisites

BOT management requires purchasing the WAF BOT traffic management feature for the corresponding instance.
On the BOT Management page, select the domain to protect and enable the BOT traffic switch.

Switching to Multi-Scenario Mode

1. Log in to the WAF console, and then choose BOT Management in the left sidebar.
2. On the BOT Management page, select the domain to protect in the top-left corner.
3. On the BOT Management page, enable BOT Management, and then click Switch to Multi-Scene Mode.
Note:
After Multi-Scenario Mode is switched to, some default configurations are enabled and custom adjustments are supported in Basic Protection on the BOT Protection page.

Creating a BOT Scenario

1. Log in to the WAF console, and then choose BOT Management in the left sidebar.
2. On the BOT Management page, select the domain to protect in the top-left corner.
3. On the BOT Management > BOT Protection page, click Create scene.
4. In the New BOT Scenario dialog box, configure the relevant parameters, and then click Create.
Parameter description
Custom Scene name: Enter a name for the scenario. The name cannot exceed 50 characters.
Scene type: You can select one or more system preset scenarios, or select a custom scenario. Preset scenarios (whether single or multiple selections) and custom scenarios are mutually exclusive and cannot be enabled at the same time.
Attention:
After you select the business scenarios to protect, the system automatically generates custom protection rules for the selected scenarios and sets them to Observation Mode by default. After the scenario is created, you can find the newly created scenario in BOT Protection > Scenario-based Management, click View Configuration to view the generated custom rules, and then adjust them to Blocking Mode based on the hit logs.
Ruleset: The rule sets for the corresponding scenarios are selected and enabled for you by default, and the default action is Monitor. We recommend that you enable all rule sets to identify more types of BOTs and maximize the default protection capability.
Client type: The type of client used to access the target to protect. Only the Browser/H5 type supports enabling frontend countermeasures.
Priority: The execution priority for this scenario. Enter an integer between 1 and 100. A smaller number indicates a higher priority.
Scope: The scope within which this scenario takes effect for the domain. Both global scope and custom scope are supported.
When you select a custom scope, you can enter up to 5 conditions.
You can configure the operational logic between multiple conditions to take effect based on "AND" or "OR".
Within a single matching content, you can enter multiple values separated by line breaks, with a maximum of 20 values. When the logical operators are Contains, Equals, Belongs to, Prefix Match, or Suffix Match, the effective logic between multiple values is OR. When the logical operators are Does Not Contain, Does Not Equal, or Does Not Belong to, the effective logic between multiple values is AND.
5. In the scenario management list, the created scenario card data will appear. Click Edit scene to modify the previously submitted scenario configuration.

BOT Scenario Configuration

1. In scenario management, select the target scenario and click Details on the right to further view and adjust the policy configuration within the scenario.
2. On the scenario details page, you can view the basic scenario information. Click View traffic to go to the page where you can view the traffic reports and BOT details for traffic that matches the scenario policy.
3. Scenario configuration consists of three layers of interception: frontend countermeasures, custom rules, and action policies. It supports custom settings for the corresponding modules. To configure scenario policies based on business characteristics, see BOT Scenario-Based Practice Tutorial.

Action Settings

1. Log in to the WAF console, and then choose BOT Management in the left sidebar.
2. On the BOT Management page, select the domain to protect in the top-left corner.
3. In scenario management, select the target scenario and click Details on the right to further view and adjust the policy configuration within the scenario.
4. At the bottom of the scenario configuration page, click Add action policy.
5. On the Create Action Policy page, users can achieve precise interception of risky access by configuring different action policies, the corresponding effective scope for each policy, and actions for different score segments.
Parameter description
Action policy name: Enter a name for the policy. The name cannot exceed 20 characters.
On/Off: The default enabled status of an action policy after it is saved.
Scope: The scope within which this policy takes effect. Both global scope and custom scope are supported.
When you select a custom scope, you can enter up to 5 conditions.
You can configure the operational logic between multiple conditions to take effect based on "AND" or "OR".
Within a single matching content, you can enter multiple values separated by line breaks, with a maximum of 20 values. When the logical operators are Contains, Equals, Belongs to, Prefix Match, or Suffix Match, the effective logic between multiple values is OR. When the logical operators are Does Not Contain, Does Not Equal, or Does Not Belong to, the effective logic between multiple values is AND.
Priority: The execution priority for this policy. Enter an integer between 1 and 100. A smaller number indicates a higher priority.
Mode: Four default handling modes are provided: Loose, Moderate, Strict, and Custom. The Lenient, Moderate, and Strict modes are preset modes, each representing the recommended classification and handling policy for BOTs of different threat levels in BOT behavior management. These three preset modes can be modified, and after modification, they become the Custom mode.
Score: The total score range for segments is 0 to 100 points. Up to 10 entries can be added for each score segment. Configured score intervals follow a left-closed, right-open rule. Score segments must not overlap. Score intervals can be set to empty. When set to empty, no handling action is taken for that score segment.
Note:
The BOT score (bot_score) is a comprehensive assessment score ranging from 0 to 100. It is generated jointly by four modules: AI intelligent detection, behavioral statistical analysis, threat intelligence, and terminal feature recognition. Each module scores independently. The final score is then converted to a percentage based on the weight of the enabled modules. A higher score indicates a greater likelihood that the request originates from an automated program.
Action: The action can be set to Trust, Monitor, JS Validation, Redirect to (redirect to a specific website URL), CAPTCHA, or Block.
Tag: It can be set to Friendly BOT, Malicious BOT, Normal Traffic, or Suspected BOT.
Friendly BOT: BOTs that are friendly/legitimate to websites by default.
Suspected BOT: The traffic from this source is identified as suspected BOT, but it cannot be determined whether it is harmful to the website.
Normal Traffic: Traffic that is identified as originating from normal human users.
Malicious BOT: BOTs that are unfriendly to websites by generating malicious traffic/access requests.
6. After completing the configuration, click Save at the bottom left of the page to make it effective.












Bantuan dan Dukungan

Apakah halaman ini membantu?

masukan