Alert Logic® Web Security Manager has various functions that can assist with mitigating scraping. These include:
- Blocking known malicious sources
- Rate limiting
- User agent blocking
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. Within Web Security Manager, there is a section of the web application firewall (WAF), "Sessions and CSRF protection", that enables CSRF tokens generated by the WAF. This is a proactive control: a forged request that does not carry a valid token is rejected before it reaches the application. If you are an Alert Logic Cloud Defender, Threat Manager, or Log Manager customer, you can find this setting by navigating to: Configuration > WAF > Websites > Manage Websites (to the right of the appropriate website) > Services > WAF > Policy > change Display preset to Advanced if it is on Manual > Website global policy section > Sessions and CSRF protection.
If you are an Alert Logic Essentials, Professional, or Enterprise customer, you can find this setting by navigating to: Navigation menu > Configure > WAF > Manage Website > Policy (under WAF) > change Display preset to Advanced if it is on Manual > Website global policy section > Sessions and CSRF protection.
The "HTTP Request and Connection Throttling" feature can also help with anti-automation, depending on the burst rate of the attack: it limits how many requests or connections a single source may make within a given interval, so it only catches clients that exceed that threshold. This is a reactive control, since it acts only after a source has already started sending abusive traffic.
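To make the "depending on the burst rate" caveat concrete, here is an added example (not Alert Logic code, and not how Web Security Manager implements its throttle internally) of a per-source sliding-window throttle replayed over a constructed access-log excerpt. The IP addresses, timestamps and limits are made up for the demonstration. One source bursts eight requests in six seconds and is cut off after the fifth; the other paces itself at one request every 20 seconds and is never touched, even though it is walking the same catalog pages.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Optional, Tuple

# Constructed access-log excerpt (not real traffic). 203.0.113.10 bursts
# eight requests in six seconds; 198.51.100.7 makes one request every 20 s.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:30 +0000] "GET /catalog?page=1 HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /catalog?page=1 HTTP/1.1" 200 812
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /catalog?page=2 HTTP/1.1" 200 805
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /catalog?page=3 HTTP/1.1" 200 799
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /catalog?page=4 HTTP/1.1" 200 810
203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /catalog?page=5 HTTP/1.1" 200 803
203.0.113.10 - - [10/Oct/2023:13:55:39 +0000] "GET /catalog?page=6 HTTP/1.1" 200 811
203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "GET /catalog?page=7 HTTP/1.1" 200 798
203.0.113.10 - - [10/Oct/2023:13:55:42 +0000] "GET /catalog?page=8 HTTP/1.1" 200 807
198.51.100.7 - - [10/Oct/2023:13:55:50 +0000] "GET /catalog?page=2 HTTP/1.1" 200 805
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /catalog?page=3 HTTP/1.1" 200 799
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD path ..."
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Extract (client IP, timestamp) from one log line; None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    ts = datetime.strptime(match.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return match.group("ip"), ts


class SlidingWindowThrottle:
    """Allow at most max_requests per source within any window_seconds span."""

    def __init__(self, max_requests: int, window_seconds: float) -> None:
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self.history: Dict[str, Deque[datetime]] = defaultdict(deque)

    def allow(self, source: str, ts: datetime) -> bool:
        window = self.history[source]
        # Drop requests that have aged out of the window.
        while window and (ts - window[0]).total_seconds() >= self.window_seconds:
            window.popleft()
        if len(window) >= self.max_requests:
            return False  # throttled: this would exceed the limit for the window
        window.append(ts)
        return True


def apply_throttle(log_text: str, max_requests: int = 5,
                   window_seconds: float = 10.0) -> Dict[str, Dict[str, int]]:
    """Replay a log through the throttle; return per-source allowed/throttled counts."""
    throttle = SlidingWindowThrottle(max_requests, window_seconds)
    counts: Dict[str, Dict[str, int]] = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole replay
        ip, ts = parsed
        bucket = counts.setdefault(ip, {"allowed": 0, "throttled": 0})
        bucket["allowed" if throttle.allow(ip, ts) else "throttled"] += 1
    return counts


if __name__ == "__main__":
    for ip, c in apply_throttle(SAMPLE_LOG).items():
        print(f"{ip:15} allowed={c['allowed']} throttled={c['throttled']}")
```

The steady source shows the limitation: a scraper that keeps itself under the configured rate is indistinguishable from a patient human at this layer, so throttling needs to be combined with the other controls on this page rather than relied on alone. Keying only on the client IP, as this toy does, also punishes users behind a shared NAT or proxy; production throttles usually combine the address with session or request attributes.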
A properly implemented CSRF token is also a useful anti-automation measure, because it defeats naive bots that simply replay a recorded request. It forces the attacker to write their own tool or script that fetches the page, parses out the fresh CSRF token on each page load, and plugs it into the automated request. That raises the cost of automation; it does not make automation impossible.
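The following added example illustrates both the CSRF protection described above and the anti-automation effect of the token. It is generic demonstration code, not Alert Logic's implementation and not how Web Security Manager generates its tokens; the session names, form fields and the `SERVER_KEY` are assumptions. A token is a random nonce bound to the session with an HMAC and valid for a single use, so a cross-site page that cannot read the token fails, a token lifted from the attacker's own session fails, a bot replaying one recorded request fails on the second attempt, and only a script that re-fetches the page and parses out the current token gets through.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Hypothetical server-side key that binds tokens to a session. In a real
# deployment it lives in the WAF/application secret store and is rotated.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class Session:
    """Constructed stand-in for an authenticated user session."""
    session_id: str
    issued_tokens: Set[str] = field(default_factory=set)


def issue_token(session: Session) -> str:
    """Mint a fresh, single-use token for one page render.

    Token layout is <nonce>.<HMAC(session_id:nonce)>, so a token taken from
    one session is not valid in another and cannot be forged without SERVER_KEY.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session.session_id}:{nonce}".encode(),
                   hashlib.sha256).hexdigest()
    token = f"{nonce}.{mac}"
    session.issued_tokens.add(token)
    return token


def validate_token(session: Session, token: Optional[str]) -> bool:
    """Accept a token once, and only for the session it was issued to."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{session.session_id}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    if token not in session.issued_tokens:       # never issued, or already spent
        return False
    session.issued_tokens.discard(token)         # single use: no replay
    return True


def render_form(session: Session) -> str:
    """Page render: a fresh token is embedded in the state-changing form."""
    token = issue_token(session)
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="amount"><button>Send</button></form>')


def handle_request(session: Session, method: str, form: Dict[str, str]) -> int:
    """Gate only state-changing methods; safe methods pass through untouched."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return 200
    if not validate_token(session, form.get("csrf_token")):
        return 403
    return 200  # the application would perform the transfer here


def parse_token_from_html(html: str) -> Optional[str]:
    """What a scraper has to do: pull the current token out of each page."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else None


def demo() -> Dict[str, int]:
    """Run the scenarios from the text and return the status code of each."""
    victim = Session("sess-A")
    # CSRF: a cross-site page forges a POST but cannot read or include the token.
    forged = handle_request(victim, "POST", {"amount": "1000"})
    # A token from the attacker's own session does not validate for the victim.
    attacker = Session("sess-B")
    cross_session = handle_request(victim, "POST", {"csrf_token": issue_token(attacker)})
    # A bot replaying one recorded request: the first copy works, the replay does not.
    recorded = parse_token_from_html(render_form(victim))
    first_use = handle_request(victim, "POST", {"csrf_token": recorded})
    replay = handle_request(victim, "POST", {"csrf_token": recorded})
    # Automation that re-fetches the page and parses the token each time gets through.
    scripted = handle_request(victim, "POST",
                              {"csrf_token": parse_token_from_html(render_form(victim))})
    return {"forged": forged, "cross_session": cross_session, "first_use": first_use,
            "replay": replay, "scripted": scripted}


if __name__ == "__main__":
    print(demo())
```

The last scenario is the point of the paragraph above: the token stops forged and replayed requests, but a scraper willing to do a GET before every POST still succeeds, so the token is a cost-raising measure to pair with throttling and source blocking, not a complete anti-automation control.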
Note: DDoS mitigation is most effective when applied as close to the source of the attack as possible, for example upstream at the network edge or through a scrubbing provider, rather than by blocking it with a WAF sitting next to your workloads: by the time the traffic reaches a local WAF it has already consumed your bandwidth and capacity. Keep DDoS mitigation away from your workloads.