If enabled, only clients implementing a Cookie-Store will be able to access the application through this mapping. In contrast to regular browsers, most bots do not implement a Cookie-Store and will therefore be blocked if this setting is enabled.
Enforce client cookie support
Source IP address whitelist
Requests originating from a client (e.g. a bot) with an IP address in the selected list are forwarded whether the client supports a Cookie-Store or not.
Well-Known Bot Exceptions
Check User-Agent
Check the User-Agent to determine if a bot is well-known and do not block such bots. Clients sending one of the following User-Agent header values are treated as well-known bots:
- Googlebot
- bingbot
- MSNBot
- Baiduspider
- YandexBot
- DuckDuckBot
Enforce source-domain
If enabled, a reverse IP lookup for well-known bots is performed to verify that the client's IP address belongs to the operator of a well-known bot. This prevents bots from pretending to be a well-known bot by sending a fake "User-Agent" header. The following domains are considered as domains of operators operating well-known bots:
- google.com
- googlebot.com
- search.msn.com
- baidu.com
- baidu.jp
- yandex.com
- yandex.net
- yandex.ru
- duckduckgo.com
Custom Bot Exceptions
Check User-Agent
If enabled custom bots are not blocked. Custom bots are identified by providing a "User-Agent" and "Source-Domain" pattern.
If "Check User-Agent" and "Enforce source-domain" are enabled, both patterns "User-Agent pattern" and "Source-domain pattern" have to match such that a request is not blocked.
User-Agent pattern
Do not block bots whose "User-Agent" header matches this pattern.
Enforce source-domain
Do not block bots whose source-domain matches the "Source-domain pattern".
Source-domain pattern
The "Source-domain pattern".
Ensure that the pattern ends with a "$" to prevent wrong matches (e.g. the pattern "\.example\.com$" should be used instead of "example.com", since "example.com" would also match "myexample.com", "example.com.otherdomain.org" and "examplexcom.otherdomain.org" etc.).