Bot defense
Dhal scores suspicious bot-like requests using headers, user agents, and automation signals.
{
  "rules": {
    "bot": {
      "enabled": true,
      "scoreThreshold": 70,
      "blockEmptyUserAgent": false,
      "suspiciousUserAgents": [
        "headlesschrome",
        "phantomjs",
        "selenium",
        "puppeteer",
        "playwright",
        "python-requests",
        "aiohttp"
      ],
      "falsePositiveControls": {
        "minSignals": 2,
        "skipStaticAssets": true,
        "ignorePaths": ["/healthz", "/health", "/readyz", "/favicon.ico"],
        "ignorePrivateIps": false
      }
    }
  }
}
False-positive controls
Use:
minSignals to require multiple indicators;
skipStaticAssets to avoid noisy asset requests;
ignorePaths for health checks and known safe routes;
allowUserAgents for trusted automated clients.
Rollout
Start bot rules in monitor mode, inspect the events, then enforce on sensitive routes.
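A dry run of the false-positive controls and the rollout order over constructed requests, as an added example that is not Dhal's own code. The signal names and weights, the rule that a request is flagged only when both minSignals and scoreThreshold are met, the allowUserAgents value and the enforce_prefixes parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Values copied from the page's rules.bot block; the allowUserAgents entry is a constructed sample.
CONFIG = {
    "scoreThreshold": 70,
    "suspiciousUserAgents": ["headlesschrome", "phantomjs", "selenium", "puppeteer",
                             "playwright", "python-requests", "aiohttp"],
    "minSignals": 2,
    "skipStaticAssets": True,
    "ignorePaths": ["/healthz", "/health", "/readyz", "/favicon.ico"],
    "allowUserAgents": ["internal-uptime-probe"],
}
# Hypothetical signals and weights: the page does not document Dhal's scoring.
WEIGHTS = {"suspicious_ua": 50, "no_accept_language": 30, "no_accept": 20}
STATIC = re.compile(r"\.(css|js|png|jpe?g|gif|svg|ico|woff2?)$", re.I)

def signals(headers):
    # Names of the signals one request triggers (header keys are lowercase).
    ua = headers.get("user-agent", "").lower()
    found = ["suspicious_ua"] if any(s in ua for s in CONFIG["suspiciousUserAgents"]) else []
    if "accept-language" not in headers:
        found.append("no_accept_language")
    if "accept" not in headers:
        found.append("no_accept")
    return found

def evaluate(path, headers, enforce_prefixes=()):
    # Returns "skip", "allow", "monitor" or "block" for one request.
    ua = headers.get("user-agent", "").lower()
    if path in CONFIG["ignorePaths"] or (CONFIG["skipStaticAssets"] and STATIC.search(path)):
        return "skip"  # never scored: health checks and static assets
    if any(a in ua for a in CONFIG["allowUserAgents"]):
        return "skip"  # trusted automated client
    found = signals(headers)
    score = sum(WEIGHTS[s] for s in found)
    if len(found) < CONFIG["minSignals"] or score < CONFIG["scoreThreshold"]:
        return "allow"
    # Rollout: enforce only on the listed sensitive routes, monitor everywhere else.
    return "block" if path.startswith(tuple(enforce_prefixes)) else "monitor"

# Constructed sample requests (path, headers), not real traffic.
SAMPLE = [
    ("/login", {"user-agent": "python-requests/2.31", "accept": "*/*"}),
    ("/search", {"user-agent": "python-requests/2.31", "accept": "*/*"}),
    ("/login", {"user-agent": "HeadlessChrome/120", "accept": "*/*", "accept-language": "en"}),
    ("/healthz", {"user-agent": "aiohttp/3.9"}),
    ("/assets/app.js", {"user-agent": "selenium"}),
    ("/api/sync", {"user-agent": "internal-uptime-probe/1.0 aiohttp/3.9"}),
]

def dry_run(enforce_prefixes=()):
    return Counter(evaluate(p, h, enforce_prefixes) for p, h in SAMPLE)
```

Comparing dry_run() with dry_run(("/login",)) shows which monitored requests would become blocks once enforcement is switched on for that route.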