If enabled, requests from identified bots are only logged but not blocked.
If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.
Requests originating from a client (e.g. a bot) with an IP address in the selected list are forwarded whether the client supports a Cookie-Store or not.
Check the User-Agent to determine if a bot is well-known and do not block such bots. Clients sending one of the following User-Agent header values are treated as well-known bots:
- ●Googlebot
- ●bingbot
- ●MSNBot
- ●Baiduspider
- ●YandexBot
- ●DuckDuckBot
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client's IP address belongs to the operator of a well-known bot. This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header. The following domains are considered as domains of operators operating well-known bots:
- ●google.com
- ●googlebot.com
- ●search.msn.com
- ●baidu.com
- ●baidu.jp
- ●yandex.com
- ●yandex.net
- ●yandex.ru
- ●duckduckgo.com
If enabled custom bots are not blocked. Custom bots are identified by providing a "User-Agent" and "Source-Domain" pattern.
If "Check User-Agent" and "Enforce source-domain" are enabled, both patterns "User-Agent pattern" and "Source-domain pattern" have to match such that a request is not blocked.
Do not block bots whose "User-Agent" header matches this pattern.
Do not block bots whose source-domain matches the "Source-domain pattern".
The "Source-domain pattern".
Ensure that the pattern ends with a "$" to prevent wrong matches (e.g. the pattern "\.example\.com$" should be used instead of "example.com", since "example.com" would also match "myexample.com", "example.com.otherdomain.org" and "examplexcom.otherdomain.org" etc.).