It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Advanced Bot Protection

  • Last updated on


The Barracuda Web Application Firewall Advanced Bot Protection (ABP) capabilities protect your web, mobile, and API-based applications against a variety of bot attacks. ABP uses a combination of on-box capabilities and cloud-based machine learning/artificial intelligence systems to detect advanced bots. This feature provides you with comprehensive insights into bot traffic over your web applications.

ABP provides multiple features that can be used to detect and block specific bot attacks. Some of these features are available on-box without the purchase of an additional license. Other features require the purchase of an Advanced Bot Protection license. The feature-license matrix below shows which features require an additional license:

FeatureABP License RequiredData is sent to Advanced Bot Protection for analysis
Risk ScoreYesYes - Traffic Metadata
Credential StuffingYesYes - Hashed Data
Credential SprayingYesYes - Hashed Data
Auto-Configuration Engine (ACE)YesYes - Traffic Metric Logs

Advanced Threat-Intelligence Dashboard

  • Advanced BOT Protection
  • Client-Side Protection
YesYes - Traffic Metadata

Bot Spam Mitigation

Form / Referrer / Comment Spam

Session TrackingNoNo
Web ScrapingNoNo

Client-Side Protection

  • Content Security Policy
  • Sub-Resource Integrity
NoONLY if report-to is configured to send the data to BATIC. You can configure to send the data to other collection end-point.

Google reCAPTCHA
(customer should have a Google account with relevant features)

NoIt's redirection for authentication 

Bot Widget and Reporting

(except Credential Stuffing)

NoYes-Traffic Metadata
Bot Block-list and New IP Reputation categories NoNo
Barracuda ABP Cloud Integration   Yes 
Feature Categorization
Security AspectFeature NameOWASP Automated Threat (OAT) Identity Number
Bot Mitigation
  • Client Fingerprinting
  • Client Profiling
  • Risk Scoring
  • Web Scraping Policy


Securing Accounts / ATO
  • Credential Attack Protection
    • Credential Stuffing
    • Credential Spraying
  • Brute Force Protection


Bot Spam Protection
  • Referrer Spam
  • Comment Spam
  • Form Spam
Application DDoS
  • DDoS Policy
  • Slow Client Attack Prevention
  • Session Tracking
File Upload Protection
  • Anti-virus check
  • BATP Scan
Data Theft ProtectionData Theft Protection 
Client-Side Protection
  • Content-Security Policy
  • Sub Resource Integrity
Configuration RecommendationAuto-Configuration Engine 


How to Enable Bot Mitigation

To configure ABP features, navigate to the BOT MITIGATION tab in the web interface and select the Bot Mitigation page. Here you can configure service level configurations to detect and block bot attacks, including credential stuffing, brute force attacks, web scraping, and more.

The Advanced Security and Session Tracking modules from the WEBSITES > Advanced Security page have been moved to the BOT MITIGATION > Bot Mitigation page. In addition, the Web Scraping Policies section from the WEBSITES > Advanced Security page has been moved to the BOT MITIGATION > Bot Mitigation page.

For an overview of the Advanced Bot Protection feature and to learn about the feature-license matrix, see Advanced Bot Protection Dashboard.