---
title: About Bot Management
summary: null
url: >-
  https://www.fastly.com/documentation/guides/security/bot-management/about-bot-management
---

Fastly's [Bot Management](https://docs.fastly.com/products/bot-management) allows you to identify bots and decrease unwanted bot activity on your web applications. You can [deploy](https://www.fastly.com/documentation/guides/security/bot-management/about-bot-management#deploying-bot-management) Bot Management on your Fastly services using one or both of the following deployment options:

- **Pre-cache inspection:** Bot Management inspects all requests before they reach your cache layer, allowing you to control bot access to both cached and uncached resources. This deployment option enables [ContentGuard](https://www.fastly.com/documentation/guides/security/bot-management/about-contentguard).
- **Post-cache inspection:** Bot Management works alongside the Next-Gen WAF to analyze cache-miss requests, protecting your origin from bot attacks. This means that Bot Management will only inspect traffic going to your origin.

## Prerequisites

Before enabling Bot Management for your services, you need to:

- review the Bot Management [limitations](https://docs.fastly.com/products/bot-management#limitations-and-considerations).
- purchase the required products for your Bot Management deployment option. Pre-cache inspection requires [Bot Management](https://docs.fastly.com/products/bot-management). Post-cache inspection requires Bot Management and [Next-Gen WAF](https://docs.fastly.com/products/fastly-next-gen-waf) (Edge WAF deployment only).

  > **IMPORTANT:** The [Essential platform](https://docs.fastly.com/products/fastly-next-gen-waf#feature-availability) for the Next-Gen WAF does not support Bot Management.

## Choosing a deployment option

The deployment option you choose determines which Bot Management features are available. Pre-cache inspection features work on all traffic before caching, while post-cache inspection features integrate with the Next-Gen WAF for detection on origin-bound traffic. For comprehensive protection, you can use both deployment options.

| Bot Management feature                                                                                                                       | Pre-cache inspection | Post-cache inspection | Description                                                                                                 |
| -------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | --------------------- | ----------------------------------------------------------------------------------------------------------- |
| [Advanced client-side detections](https://www.fastly.com/documentation/guides/security/bot-management/using-advanced-client-side-detections) | ❌                    | ✅                     | Detect bots that leverage headless browsers such as headless Chrome.                                        |
| AI bot detection                                                                                                                             | ✅                    | ✅                     | Detect AI crawlers and fetchers.                                                                            |
| [Client challenges](https://www.fastly.com/documentation/guides/security/bot-management/client-challenges/about-client-challenges)           | ❌                    | ✅                     | Require users to prove that they are human or that a connection is happening through a legitimate browser.  |
| [Client fingerprinting](https://docs.fastly.com/products/bot-management#client-fingerprinting)                                               | ✅                    | ✅                     | Identify client types and detect bots designed for malicious activities.                                    |
| [Private Access Tokens](https://docs.fastly.com/products/bot-management#private-access-tokens)                                               | ❌                    | ✅                     | Protect access resources on your origin.                                                                    |
| Server-side detection                                                                                                                        | ✅                    | ✅                     | Detect bots by analyzing server-side attributes, including HTTP header anomalies and `User-Agent` spoofing. |
| [Verified Bots](https://docs.fastly.com/products/bot-management#verified-bots)                                                               | ✅                    | ✅                     | Validate self-identified bots.                                                                              |

## Deploying Bot Management

Once all prerequisites have been met, you can use the Fastly control panel or API to deploy Bot Management on your Fastly services.

### Control panel

To deploy Bot Management on a service using the Fastly control panel, follow these steps:

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   From the [**Home**](https://manage.fastly.com/home) page, select the appropriate service. You can use the search box to search by ID, name, or domain.

3. Click **Service configuration**.
4. In the **Security** area, click the **Bot Management** switch to the **On** position.
5. For pre-cache inspection only, click the **ContentGuard** switch to the **On** position.

### API

To deploy Bot Management on a service using the Fastly API, follow these steps:

1. Call the [Bot Management enablement](https://www.fastly.com/documentation/reference/api/products/bot_management/#enable-product-bot-management) API endpoint in a terminal application:

   ```term copy nolinenums
   $ curl -X PUT \
     -H "Fastly-Key: ${FASTLY_API_TOKEN}" \
     -H 'Content-Type: application/json' \
     "https://api.fastly.com/enabled-products/v1/bot_management/services/${FASTLY_SERVICE_ID}"
   ```

2. For pre-cache inspection only, call the [Bot Management update configuration](https://www.fastly.com/documentation/reference/api/products/bot_management/#set-product-bot-management-configuration) API endpoint in a terminal application:

   ```term copy nolinenums
   $ curl -X PATCH \
     -H "Fastly-Key: ${FASTLY_API_TOKEN}" \
     -H 'Content-Type: application/json' \
     -d '{\"contentguard\":\"on\"}' \
     "https://api.fastly.com/enabled-products/v1/bot_management/services/${FASTLY_SERVICE_ID}/configuration"
   ```

You can then optionally configure [client challenges](https://www.fastly.com/documentation/guides/security/bot-management/client-challenges/about-client-challenges/#getting-started-with-client-challenges), [advanced client-side detections](https://www.fastly.com/documentation/guides/security/bot-management/using-advanced-client-side-detections/#setting-up-advanced-client-side-detections), and [ContentGuard](https://www.fastly.com/documentation/guides/security/bot-management/about-contentguard) for those services. Note that the other Bot Management features require no additional setup.

## Monitoring bot traffic

Once you've deployed Bot Management, you can use the following dashboards to monitor bot traffic targeting your web applications:

- **[Bot overview](https://www.fastly.com/documentation/guides/security/bot-management/about-contentguard/#bot-overview-dashboard):** dashboard that displays pre-cache inspection metrics about the volume and types of bot traffic directed at your service.
- **[Bot Management](https://www.fastly.com/documentation/guides/next-gen-waf/monitoring/monitoring-with-system-generated-dashboards/#bot-management-dashboard):** dashboard that displays post-cache inspection metrics about suspected bot activity and bot-related signals detected by the Next-Gen WAF.

## Related content

- [Bot Management](https://docs.fastly.com/products/bot-management)