Personal dashboard: Bot protection

Note

In the default configuration, this section of the personal dashboard is available only to users in the Administrative and Technical groups.

The section Bot protection → Dashboard personal dashboard Qrator Labs displays data on blocked requests to the current domain or service.

The section consists of several widgets:

events graph,
widget with key metrics,
widgets with data on blocked requests.

You can upload data [for different periods] (#select-period). By default, the data on the page is updated automatically. Uploaded data can be exported as an image or table.

At the top of the page there is a graph that displays events related to bot protection. Different datasets on the graph represent different types of events. You can hide a data set from the graph by clicking on its designation in the legend.

Note

Events corresponding to the 401 Unauthorized code are registered only after the user has made the next request. For example, the event Check procedure failed (401 Unauthorized) is registered simultaneously with the corresponding event Blocked due to failed check procedure (403 Forbidden). Hence the event data corresponding to the 401 Unauthorized code may appear on the graph with a slight delay.

Below is a list of event types displayed on the graph. The HTTP response codes sent to users are shown in parentheses.

User check ignored (401 Unauthorized)

The user received a page with a JavaScript verification code, but made another request instead of executing it.

This may indicate that the user is a bot or uses a browser without the ability to execute JavaScript code.
User check shows a bot (401 Unauthorized)
Browser bot blocked (403 Forbidden)

The user received a page with a JavaScript verification code, sent a digital fingerprint of the environment and was identified as a bot.
Check procedure failed (401 Unauthorized)
Blocked due to failed check procedure (403 Forbidden)

The user received a page with a JavaScript verification code, sent a digital fingerprint of the environment and was identified as a legitimate user. They were given a tracking cookie. Later they turned to the address that requires a tracking cookie, but did not provide it.

This can be caused by an unexpected disconnection on the user's side, when a tracking cookie is received after verification. Most often, in a situation like that, the user can return to the verification page and successfully pass the verification again.
Invalid cookie/token (403 Forbidden)

The user contacted an address that requires a tracking cookie or token, but did not provide them.

This may indicate that the user is a bot, or that the user has not visited the verification page. If you use hash-based mobile API protection, this error may also occur if your mobile application sends API requests with missing or incorrect header tokens.

Key metrics

This widget contains brief information about the number of requests processed during the selected period.

Total blocked bot requests — total number of illegitimate requests.
Requests failed to validate — the number of illegitimate requests in which the user did not execute the JavaScript verification code issued to them before they visited the page (action Accept and Show Challenge in request processing rules).
Requests failed to present a cookie — the number of illegitimate requests in which the user did not provide a tracking cookie on the page that requires it (action Accept only with Cookies in request processing rules).
Bad fingerprint requests — the number of illegitimate requests in which the user executed the JavaScript verification code issued to them before they visited the page (action Accept and Show Challenge in request processing rules), and was identified as a bot.

All the indicators, except Total blocked bot requests, are displayed as an absolute value and as a percentage of the total number of requests. Please note that some requests may fall into more than one category, so the sum of the three values may exceed the value of Total blocked bot requests (100%).

Data on blocked requests

These widgets contain information on the most common values of some parameters of requests blocked during the selected period. For each of the values, the number of requests with this value is specified.

Top 10 countries — countries from which requests were made. The data is displayed as a bar chart. To see the number of requests from a country, point the mouse to the corresponding column. The source country of the request is determined by the IP address using the [MaxMind GeoIP] database (https://www.maxmind.com/en/geoip2-services-and-databases).
Top 10 IP addresses — IP addresses from which requests were made.
Top 10 URIs — URI paths to which requests were made.
Top 10 referer — values of the HTTP header Referer from requests.
Top 10 User agents — values of the HTTP header User-Agent from requests.

Tip

To view more detailed information on all the blocked requests for the selected period use data export.

Period selection

All widgets in the section display data for a certain period (by default 1 day). You can change this period in one of two ways.

Hold down the left mouse button at the beginning of the [events graph] section you are interested in (#events-graph) and, without releasing the button, pull to the end of the section. The scale of the graph will automatically change so as to include data only from the selected area. Such zoom out can be performed successively several times.

Each time the chart is updated all the other widgets in the section are automatically updated and display the data for the corresponding period.

To return to the previous period, click the button . To return to the default period, press the Reset Zoom button.
Select one of the preset periods from the drop-down list at the top of the page. The necessary data will be automatically loaded and displayed on the chart and other widgets.

Data update

By default, all the data in this section of the personal dashboard is automatically updated without reloading the page every 2 minutes. To change this interval, open the drop-down list next to the button at the top of the page and select the desired interval. To disable auto-update completely, select the option Off in the drop-down list.

To update the data forcedly, click the button .

Export

Export graph

To save an events graph for a selected period select the menu item Export → Export graph (.png) at the top of the page. The image will be downloaded in the same size as it was displayed in the browser at the time of saving.

Exporting requests

To download the full data on all the blocked requests for a selected period select the menu item Export → Export requests (.csv.gz) at the top of the page.

Note

In the default configuration, this section of the personal dashboard is available only to users in the Administrative and Technical groups.

The section Bot protection → Dashboard personal dashboard Qrator Labs displays data on blocked requests to the current domain or service.

The section consists of several widgets:

events graph,
widget with key metrics,
widgets with data on blocked requests.

You can upload data [for different periods] (#select-period). By default, the data on the page is updated automatically. Uploaded data can be exported as an image or table.

View data

Events graph

Note

Below is a list of event types displayed on the graph. The HTTP response codes sent to users are shown in parentheses.

User check ignored (401 Unauthorized)

The user received a page with a JavaScript verification code, but made another request instead of executing it.

This may indicate that the user is a bot or uses a browser without the ability to execute JavaScript code.
User check shows a bot (401 Unauthorized)
Browser bot blocked (403 Forbidden)

The user received a page with a JavaScript verification code, sent a digital fingerprint of the environment and was identified as a bot.
Check procedure failed (401 Unauthorized)
Blocked due to failed check procedure (403 Forbidden)

The user received a page with a JavaScript verification code, sent a digital fingerprint of the environment and was identified as a legitimate user. They were given a tracking cookie. Later they turned to the address that requires a tracking cookie, but did not provide it.

This can be caused by an unexpected disconnection on the user's side, when a tracking cookie is received after verification. Most often, in a situation like that, the user can return to the verification page and successfully pass the verification again.
Invalid cookie/token (403 Forbidden)

The user contacted an address that requires a tracking cookie or token, but did not provide them.

This may indicate that the user is a bot, or that the user has not visited the verification page. If you use hash-based mobile API protection, this error may also occur if your mobile application sends API requests with missing or incorrect header tokens.

Key metrics

This widget contains brief information about the number of requests processed during the selected period.

Total blocked bot requests — total number of illegitimate requests.
Requests failed to validate — the number of illegitimate requests in which the user did not execute the JavaScript verification code issued to them before they visited the page (action Accept and Show Challenge in request processing rules).
Requests failed to present a cookie — the number of illegitimate requests in which the user did not provide a tracking cookie on the page that requires it (action Accept only with Cookies in request processing rules).
Bad fingerprint requests — the number of illegitimate requests in which the user executed the JavaScript verification code issued to them before they visited the page (action Accept and Show Challenge in request processing rules), and was identified as a bot.

Data on blocked requests

Top 10 countries — countries from which requests were made. The data is displayed as a bar chart. To see the number of requests from a country, point the mouse to the corresponding column. The source country of the request is determined by the IP address using the [MaxMind GeoIP] database (https://www.maxmind.com/en/geoip2-services-and-databases).
Top 10 IP addresses — IP addresses from which requests were made.
Top 10 URIs — URI paths to which requests were made.
Top 10 referer — values of the HTTP header Referer from requests.
Top 10 User agents — values of the HTTP header User-Agent from requests.

Tip

To view more detailed information on all the blocked requests for the selected period use data export.

Period selection

All widgets in the section display data for a certain period (by default 1 day). You can change this period in one of two ways.

Hold down the left mouse button at the beginning of the [events graph] section you are interested in (#events-graph) and, without releasing the button, pull to the end of the section. The scale of the graph will automatically change so as to include data only from the selected area. Such zoom out can be performed successively several times.

Each time the chart is updated all the other widgets in the section are automatically updated and display the data for the corresponding period.

To return to the previous period, click the button . To return to the default period, press the Reset Zoom button.
Select one of the preset periods from the drop-down list at the top of the page. The necessary data will be automatically loaded and displayed on the chart and other widgets.