Bot Blocking

Nova WAF allows you to allow-list IPs and rules or to block-list IPs. This has many functions, as described below.


Bots often avoid detection by cycling through random IP addresses, entering through anonymous proxies, changing their identities, and mimicking human behavior.

To counter the bot threat, Nova Nodes include a powerful activity recognition engine capable of identifying suspicious browsing patterns, non-human input, and traffic from questionable sources.

Nova Nodes can also submit a user for central evaluation by the Nova Bot AI, which evaluates the user's input, browsing patterns, browser identifier, location, reputation, and more. Nova compares the client to other known bots, safe browsers, and our database of legitimate bots and spiders to avoid false positives.

The system is self-learning and constantly evolving its reputation database and bot recognition database.


Bot blocking is an automated system driven by user browser patterns, request rates, unique URLs, user agents and more many functions. We advise testing it in pre-production before going live. You can bypass bot protection by adding an IP to your WAF profiles allow list.

Bad Bots / Referers

A large percentage of bots are easily identified by User Agent or Referer tags. This is a very efficient system for blocking standard (often spammy) bots.

AI-enhanced Blocking

Detect bots using our AI-powered bot detection algorithm, verify potential bots with JavaScript pages, and block non-compliant browsers.

Nova Nodes detect suspicious behavior automatically and locally block most automated or dangerous traffic. Nova additionally has the ability to submit a questionable (but unclear) browser to Nova's centralized machine learning (ML) system, which is highly effective and accurate at detecting natural browsing patterns, the identifiers associated with bot traffic, and networks' reputations.

Nova's centralized intelligence then informs the Node what action to take and allows it to confidently block unwanted bot traffic with extremely high accuracy.

Common Bot Types


Bad actors will use bots to crawl websites and submit spam information into forms and any vulnerability that can be filled with spam information.

Content Scraping

Bad actors will use bots to crawl websites to copy content (including confidential content that is intended to be hidden) – to steal intellectual property or to benefit from the SEO qualities of that content.

Account Takeover / Credential Stuffing

Bad actors will use bots to takeover legitimate user accounts using credential stuffing – the automated injection of stolen username and password pairs.

Interface Example