Bots generate a large amount of internet traffic. More than half of all bots are malevolent. Criminal bots sniff out vulnerabilities, infect and control vulnerable machines, launch denial of service attacks, steal data, commit fraud, and more. At the same time, the internet would grind to a halt without the beneficial bots that power search engines and digital assistants. Limelight Web Application Firewall (WAF) Advanced Bot Manager ensures maximum availability and security of web infrastructure to sustain revenue generating web traffic, by eliminating malicious bot traffic, while managing legitimate bot traffic.


Bots are ubiquitous. Today’s hackers use bots to launch pre-attack scans, post comment spam, exploit vulnerabilities, and execute code injection attacks, denial of service attacks, and password guessing hacks against your web facing properties. These bots commit fraud by credential stuffing, repetitively making and canceling purchases, holding and/or consuming inventory, scraping sites, stealing information, and a host of other unwanted activities. Malicious bots also cause application and API outages that impact your customers’ experience, resulting in commercial losses. To effectively control the damages caused by the bot epidemic, organizations are faced with the challenge of staying ahead of threat actors and their malicious bots. Conversely, legitimate bot traffic is a necessary part of the Internet. Organizations want to detect and allow good bot traffic, while managing the amount, the time-of-day, and the traffic priority. Having the ability to eliminate malicious bot traffic while managing legitimate bot traffic is critical to maintaining uptime.


The answer to the challenge is Bot Manager, a cloud-based, comprehensive, feature-rich bot management platform, offered as a 24x7 Managed Security Service. Unlike traditional bot detection and mitigation solutions, Limelight Bot Manager offers a flexible platform that is easily deployed and continuously managed. Ongoing monitoring and tuning of bot management policies ensures an optimal security profile to protect your web applications, without sacrificing performance. Limelight Bot Manager is hosted in the cloud, so there’s no new hardware to install. The platform includes real-time dashboard, reporting, analytics, and alerts to provide rich insights into all requests and request handling performed by the Bot Manager proxy.


Because bots are automated scripts, bot protection starts by determining whether a connection request is coming from a human or machine. A series of challenges is presented to separate good bots from potentially malicious bots.


This challenge is intended to differentiate between computers and humans. In general, scripted bots are unable to solve the CAPTCHA and repeat the words and numbers used, while this is easy for humans to do.

Human Interaction Challenge

Identifies normal usage patterns for each web application based on legitimate user/visitor behavior analysis, and provides customizable security postures for bots that deviate from the standard usage behavior, activity, or frequency.

JavaScript Challenge

This technical challenge is sent to every client, attacker and real user. Legitimate browsers will pass the challenge without the user’s knowledge while bots, which are typically not equipped with JavaScript, will fail and be blocked.

Device Fingerprinting

Generates a hashed signature of both virtual and real browsers based on 50+ attributes. These proprietary signatures are then leveraged for real-time correlation to identify and block malicious bots.


Having a variety of bot detection mechanisms that include human interaction challenges as well as machine-based challenges is the optimal way to separate good bots from bad bots.


Bot Traffic Shaping

Is a traffic control mechanism used to detect and delay traffic created by suspicious bots, while at the same time prioritizing and white listing authorized traffic, reserving bandwidth for legitimate traffic.

Good Bot Whitelisting

Gives you the ability to specify known good bots that will be allowed through the WAF without challenges.


In addition to managing bot traffic, the Limelight WAF Advanced Bot Manager offers capabilities that make the solution simple to implement, deploy and administer. Hosted in the cloud, this flexible solution eliminates the need for IT organizations to install and manage hardware and software. Capabilities that enable ongoing monitoring and tuning of bot management policies ensure you always have the optimal security profile to protect your web applications without impacting performance. A real-time dashboard, reporting, analytics and alerts notify your security personnel of any bot attacks so they can quickly remediate the situation.


Limelight WAF Advanced Bot Manager helps you:

Protect brand reputation

Security breaches have a lasting impact on brand reputation, with more than 40% of consumers saying they will no longer make online transactions with a web site that has been previously breached. Protect your brand reputation by strengthening web application security by identifying and eliminating bad bots and protecting customer data from intrusion.

Keep customers coming back for more

Consumers have higher engagement with web sites that offer faster performance. Improve user experience by blocking resource-draining bots and providing the fastest online experiences.

Defend against emerging security threats

Ongoing monitoring and tuning of bot management policies ensures an optimal security profile to protect web applications against new and emerging threats.