By David Frazee

 

Microsoft has recently released JavaScript challenge in public preview for Azure WAF on Application Gateway and Azure Front Door.

 

Approximately 48% of internet traffic is generated by bots, with 30% attributed to malicious bots. These harmful bots are programmed to attack web and mobile applications for fraudulent and malevolent purposes. These bad bots are typically automated test scripts that scrape websites to manipulate SEO rankings or prices, launch denial-of-inventory attacks and commit other malicious activities. Considering the risks associated with internet-exposed web applications, it is necessary for Azure WAF to detect and mitigate the bad bots. The mitigation of these attacks is accomplished by the Azure WAF JavaScript challenge.

 

The Azure WAF JavaScript (JS) challenge feature is a non-interactive, invisible web challenge used to distinguish legitimate users from bad bots. It is an invisible check issued to legitimate users and attackers as an intermediate page. Bad bots will fail the JS challenge but real users will not. Furthermore, JS challenges eliminate friction for real users since they don’t require any intervention from humans.  Hence, Azure WAF JS challenge is an effective method to protect against bot attacks without introducing customer friction.

 

Key Features

The invisible challenge is presented when a user's request matches a specific rule, prompting the client's browser to compute the challenge without user interaction. Successful computation allows the user through, while failed attempts block malicious bots. The challenge is reissued if the user's IP address changes or if they access the page from a different domain, ensuring continuous protection.

 

 

 

Read the full post here: Azure WAF Public Preview: JavaScript Challenge