Bot Detection and WAF at the Edge

Blocking malicious traffic at the edge before it reaches your origin.

Filtering at the Front Door

The edge is the ideal place to stop bad traffic, since it sees every request first and can drop it before it consumes origin resources. Two tools work here: a web application firewall and bot detection.

The WAF

A WAF inspects requests against rules to block common attacks.

  • Signature rules catch known injection and scripting payloads
  • Rate-based rules block sources that send too many requests
  • Managed rule sets stay updated against new exploits

Bot Detection

Not all automation is malicious, but credential stuffing and scraping are. Detection uses:

  • Behavioral signals like request patterns and timing
  • Fingerprinting of the client and network
  • Challenges such as proof of work or interactive checks

Why the Edge

  • Attack traffic never reaches origin, saving compute
  • Lower latency for legitimate users since checks are local
  • Global enforcement so one policy protects every region

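The risk is false positives, where a rule blocks legitimate users. New policies therefore run in monitor mode first, logging what they would block without blocking it, and are then switched to enforce.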
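
An added example, not part of the original lesson: a sliding-window rate-based rule that runs in monitor or enforce mode, replayed over constructed traffic to show how monitor mode surfaces a false positive (a shared NAT address) before anything is blocked. The class name, thresholds and IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class RateRule:
    """Rate-based rule: at most `limit` requests per `window` seconds per source."""

    def __init__(self, limit, window, mode="monitor"):
        if mode not in ("monitor", "enforce"):
            raise ValueError(f"unknown mode: {mode}")
        self.limit, self.window, self.mode = limit, window, mode
        self.hits = defaultdict(deque)  # source -> timestamps still inside the window
        self.matches = []               # (ts, source) for every request over the limit

    def evaluate(self, source, ts):
        """Return 'allow' or 'block' for one request seen at time ts (seconds)."""
        q = self.hits[source]
        while q and q[0] <= ts - self.window:
            q.popleft()                 # expire timestamps that left the window
        q.append(ts)                    # counted in both modes, so monitor predicts enforce
        if len(q) <= self.limit:
            return "allow"
        self.matches.append((ts, source))  # a match is always logged
        return "block" if self.mode == "enforce" else "allow"

def replay(rule, requests):
    """Feed (ts, source) pairs through the rule and return the decisions."""
    return [rule.evaluate(src, ts) for ts, src in requests]

def matched_sources(rule):
    return sorted({src for _, src in rule.matches})

def sample_traffic():
    # Constructed sample using documentation IP ranges, not real traffic.
    bot = [(i * 0.1, "203.0.113.7") for i in range(20)]      # 20 requests in 2 s
    nat = [(i * 0.8, "192.0.2.10") for i in range(12)]       # shared office NAT
    user = [(t, "198.51.100.4") for t in (1.0, 12.0, 30.0)]  # one ordinary user
    return sorted(bot + nat + user)

if __name__ == "__main__":
    traffic = sample_traffic()
    monitor = RateRule(limit=10, window=10, mode="monitor")
    replay(monitor, traffic)
    print("monitor matches:", matched_sources(monitor))  # NAT shows up: false positive
    tuned = RateRule(limit=15, window=10, mode="enforce")
    print("blocked after tuning:", replay(tuned, traffic).count("block"))
```

Reviewing the monitor-mode matches shows the NAT address tripping the first threshold; raising the limit before enforcing keeps the burst source blocked while the shared address passes.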

Key idea

Running a WAF and bot detection at the edge drops malicious traffic before it reaches origin, using signatures, rate rules, and behavioral signals, with monitor mode first to limit false positives.

Check yourself

1. Why is the edge a good place for a WAF and bot detection?

2. Why run a new blocking policy in monitor mode first?

3. Which signal helps detect malicious bots?