Protects your API from most common bots and has the capability of whitelisting and blacklisting custom clients.


Configuration

Configuring the plugin is straightforward, you can add it on top of an API by executing the following request on your Kong server:

$ curl -X POST http://kong:8001/apis/{api}/plugins \
    --data "name=bot-detection"

api: The id or name of the API that this plugin configuration will target

You can also apply it for every API using the http://kong:8001/plugins/ endpoint. Read the Plugin Reference for more information.

form parameter default description
name The name of the plugin to use, in this case: bot-detection
config.whitelist
optional
A comma separated array of regular expressions that should be whitelisted. The regular expressions will be checked against the User-Agent header.
config.blacklist
optional
A comma separated array of regular expressions that should be blacklisted. The regular expressions will be checked against the User-Agent header.

Default rules

The plugin already includes a basic list of rules that will be checked on every request. You can find this list on GitHub at https://github.com/Mashape/kong/blob/master/kong/plugins/bot-detection/rules.lua.