# Anti-Bot Challenge Rules

### Overview

Anti-Bot rules allow you to **Detect, Challenge, or Prevent** traffic that matches specific criteria in order to mitigate automated abuse such as:

* Credential stuffing
* Brute-force attacks
* Account enumeration
* Bot-driven DDoS

#### Action Modes

* **Detect** – Logs matching traffic only.\
  *Recommended first step to validate impact before enforcement.*
* **Challenge (captcha)** – Requires the client to pass a browser challenge before access is granted.\
  Use to stop automation while allowing legitimate users.
* **Prevent** – Blocks matching requests.\
  Use after validation or during active attacks.

**Best practice:** Start with **Detect**, then move to **Challenge**.
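To estimate the impact of a rule before moving it from Detect to Challenge, you can replay it offline over access logs. The following is an added example, not product code: it counts, per source, how many requests a rule would match and how many challenges a given TTL would trigger. Assumptions: the log format and sample lines are constructed, URI matching is exact, the optional condition is a single equality test, and a passed challenge is tracked per source IP.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, source IP, country code, method, URI
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 US POST /login
2024-05-01T10:00:20 203.0.113.7 US POST /login
2024-05-01T10:01:00 198.51.100.9 DE POST /login
2024-05-01T10:02:00 198.51.100.9 DE GET /products
2024-05-01T10:12:00 203.0.113.7 US POST /login
2024-05-01T10:13:00 192.0.2.44 FR POST /login
"""

def parse(line):
    ts, ip, country, _method, uri = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip,
            "country": country, "uri": uri}

def matches(rule, req):
    # Assumption: exact URI match plus one optional equality condition.
    if req["uri"] != rule["uri"]:
        return False
    cond = rule.get("condition")
    return cond is None or req[cond["field"]] == cond["value"]

def dry_run(rule, log_text, ttl_minutes):
    """Return {source_ip: (matching_requests, challenges_issued)}."""
    ttl = timedelta(minutes=ttl_minutes)
    hits, challenges, valid_until = defaultdict(int), defaultdict(int), {}
    reqs = [parse(l) for l in log_text.splitlines() if l.strip()]
    for req in sorted(reqs, key=lambda r: r["ts"]):
        if not matches(rule, req):
            continue
        ip = req["ip"]
        hits[ip] += 1
        # A new challenge is needed only when no unexpired pass exists.
        if ip not in valid_until or req["ts"] >= valid_until[ip]:
            challenges[ip] += 1
            # Assumes the client solves the challenge immediately.
            valid_until[ip] = req["ts"] + ttl
    return {ip: (hits[ip], challenges[ip]) for ip in hits}

if __name__ == "__main__":
    rule = {"uri": "/login"}  # hypothetical rule: URI only, no condition
    for ip, (n, c) in dry_run(rule, SAMPLE_LOG, ttl_minutes=10).items():
        print(f"{ip}: {n} matching requests, {c} challenges")
```

Sources with many matches and repeated challenges within a short window are the ones to review before enforcing; a legitimate user population that shows up here suggests narrowing the rule with an additional condition or raising the TTL.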

### How to Configure Anti-Bot Rules

#### Add Rules

1. Navigate to **Anti-Bot Tab → Challenge Rules SubPractice → Add Rule**

<figure><img src="/files/tWCrSnpBxthSWsqTSTsh" alt=""><figcaption></figcaption></figure>

2. Select the desired **Action** (Detect, Challenge, or Prevent).
3. Enter the target **URI** (e.g., `/login`).
4. (Optional) Add **Additional Conditions** to narrow the scope.\
   You may choose one of the following:
   * Source Identifier
   * Source IP
   * URI
   * Country Code
   * Country Name
5. Save the rule.

<figure><img src="/files/Czm3dUiWZh24oOQqfha6" alt="" width="507"><figcaption></figcaption></figure>

#### Add a Captcha Challenge

1. Navigate to the **Behaviors** tab and create a new Captcha object.

<figure><img src="/files/orgIERWoQJwEs6t4z9JS" alt="" width="375"><figcaption></figcaption></figure>

2. Configure the Captcha object that will be used when a rule triggers a challenge:

   * **Name**: Enter a friendly name for the Captcha object, or keep the default.
   * **Captcha Type**: Select the challenge mechanism. *(Currently set by default to **Proof of Work**.)*
   * **TTL**: The time-to-live (in minutes) for the successful challenge. During this period, the user will not be required to complete a new challenge.
   * **Message Title (optional)**: The title shown on the challenge HTML page presented to the end user.
   * **Message Body (optional)**: The text displayed on the challenge HTML page presented to the end user.

   <figure><img src="/files/lxBnP3yNPWLAIyzKhPmh" alt="" width="320"><figcaption></figcaption></figure>

<figure><img src="/files/UflXi2Zx5K8JDTIyhGwU" alt="" width="563"><figcaption><p>Example of a challenge page displayed to the user</p></figcaption></figure>

3. Connect the Captcha object to the practice:

<figure><img src="/files/EcnPx5bQSFQjK1I9yyCB" alt="" width="305"><figcaption></figcaption></figure>

4. Enforce the policy.

