AWS WAF Bot Control - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS WAF Bot Control

Bot Control helps you manage bot activity to your site by categorizing and identifying common bots, verifying generally desirable bots, and detecting high confidence signatures of bots. Bot Control combines an AWS managed rule group with AWS WAF features that allow you to customize handling of your bot-related traffic. Bot Control primarily targets self-identifying, non-targeted bots, in order to give you the ability to monitor and control this category of bot traffic.

Bot Control is a managed rule group that gives you visibility and control over common and pervasive bot traffic to your applications.


You are charged additional fees when you use this managed rule group. For more information, see AWS WAF Pricing.

With Bot Control, you can easily monitor, block, or rate limit bots such as scrapers, scanners, and crawlers. You can also allow common bots like status monitors and search engines. You can protect your applications using the Bot Control managed rule group alone, or with other AWS Managed Rules rule groups and your own custom AWS WAF rules.

Bot Control includes a console dashboard that shows how much of your current traffic is coming from bots, based on request sampling. With the Bot Control managed rule group added to your web ACL, you can take action against bot traffic and receive detailed, real-time information about common bot traffic coming to your applications.

When AWS WAF evaluates a web request against the Bot Control managed rule group, the rule group adds labels to requests that it detects as bot related, for example the category of bot and the bot name. You can match against these labels in your own AWS WAF rules to customize handling. The labels that are generated by the Bot Control managed rule group are included in Amazon CloudWatch metrics and your web ACL logs.

You can use AWS Firewall Manager AWS WAF policies to deploy the Bot Control managed rule group across your applications in multiple accounts that are part of your organization in AWS Organizations.