Skip to content

Commit 2398b98

Browse files
authored
Merge pull request #501 from ByteInternet/botstopper_improvements
Botstopper improvements
2 parents d1461b0 + a83261e commit 2398b98

3 files changed

Lines changed: 38 additions & 4 deletions

File tree

docs/hypernode-platform/botstopper/how-to-use-botstopper.md

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,10 @@ Enable it again for that vhost with:
4848
hypernode-manage-vhosts example.com --botstopper
4949
```
5050

51+
```{tip}
52+
Keep in mind that botstopper is only active for HTTPS domains, because it uses the Secure flag for its cookies, which requires TLS.
53+
```
54+
5155
## Choose an AI Policy
5256

5357
Botstopper has three AI policies. The default policy is `aggressive`.
@@ -229,6 +233,19 @@ Allow JSON API requests, using [CEL expressions](https://anubis.techaro.lol/docs
229233
- 'path.startsWith("/api/")'
230234
```
231235
236+
Add suspicion weight for traffic from a specific country:
237+
238+
```yaml
239+
- name: weigh-countries-with-high-bot-traffic
240+
action: WEIGH
241+
expression:
242+
all:
243+
- '"X-Country-Code" in headers'
244+
- 'headers["X-Country-Code"] in ["BY", "RU"]'
245+
weigh:
246+
adjust: 10
247+
```
248+
232249
You usually do not need allow rules for API or webhook traffic. Botstopper allows traffic by default. Use an `ALLOW` rule when you already have, or plan to add, a broader custom rule that could otherwise challenge or block this trusted traffic.
233250

234251
## Logging
@@ -237,6 +254,23 @@ The botstopper service logs to `/var/log/botstopper/botstopper.log`. The log fil
237254

238255
To check the Botstopper logs in a human-readable manner, you can use the `hypernode-parse-botstopper-log` command. Read more about it in [How to View Botstopper Logs on Hypernode](./how-to-view-botstopper-logs.md).
239256

257+
## Cookies
258+
259+
In order to verify visitors, Botstopper uses cookies to track whether a visitor has passed a challenge. The following cookies are used:
260+
261+
| Cookie Name | Purpose |
262+
| ---------------------------------- | ------------------------------------------------------------------ |
263+
| `hnbotstopper-auth` | Used for authenticated sessions after a successful challenge. |
264+
| `hnbotstopper-cookie-verification` | Temporary cookie to check whether the browser has cookies enabled. |
265+
266+
Cookies sent by Botstopper have the following flags set:
267+
268+
| Flag | Purpose |
269+
| --------------- | -------------------------------------------------------------------------- |
270+
| `Secure` | Ensures cookies are only sent over HTTPS connections. |
271+
| `HttpOnly` | Prevents client-side scripts from accessing the cookies. |
272+
| `SameSite=None` | Cross-domain requests will keep working, safe option with the Secure flag. |
273+
240274
## Safe Policy Changes
241275

242276
Use specific rules whenever possible. Broad user-agent rules can block legitimate crawlers or integrations.

docs/hypernode-platform/botstopper/how-to-view-botstopper-logs.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,9 @@ app@example-magweb-cmbl ~ $ hypernode-parse-botstopper-log --today
3232
The output shows the timestamp, log level, message, and request metadata:
3333

3434
```console
35-
2026-06-05 01:40:05.717877576Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" client_ip=66.132.172.211 accept_language="" priority="" challenge=019e956f-ffd3-735d-9dce-5fe1aa40d534
36-
2026-06-05 02:07:11.959647899Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0" client_ip=134.209.40.161 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e9588-d054-7c99-8684-61bbcb099b2f
37-
2026-06-05 02:38:01.225327165Z [INF] new challenge issued > host=example.com method=GET path=/compete-track-tote.html user_agent="Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; TikTokSpider; ttspider-feedback@tiktok.com)" client_ip=47.128.111.110 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e95a5-0807-759a-80d7-f450d68a1923
35+
2026-06-05 01:40:05.717877576Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" client_ip=66.132.172.211 accept_language="" priority="" challenge=019e956f-ffd3-735d-9dce-5fe1aa40d534 weight=10
36+
2026-06-05 02:07:11.959647899Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0" client_ip=134.209.40.161 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e9588-d054-7c99-8684-61bbcb099b2f weight=10
37+
2026-06-05 02:38:01.225327165Z [INF] new challenge issued > host=example.com method=GET path=/compete-track-tote.html user_agent="Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; TikTokSpider; ttspider-feedback@tiktok.com)" client_ip=47.128.111.110 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e95a5-0807-759a-80d7-f450d68a1923 weight=10
3838
```
3939

4040
Common messages include `new challenge issued` for visitors or bots that received a browser challenge.

docs/hypernode-platform/varnish/Investigating-varnish-errors-on-hypernode.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,7 +127,7 @@ If errors continue, consider gradually increasing the workspace values further (
127127

128128
If the problem persists after applying these fixes, contact support for further assistance.
129129

130-
```{information}
130+
```{tip}
131131
For more information about Varnish configuration and tuning, see our [documentation on improving Varnish hit rate](https://docs.hypernode.com/hypernode-platform/varnish/improving-varnish-hit-rate-on-hypernode.html) and the official
132132
[Varnish documentation](https://varnish-cache.org/docs/).
133133
```

0 commit comments

Comments
 (0)