Choose a language:

Traffic access rules: Stop bots with precise segmentation & targeted mitigation

Published:
Updated: 11 Sep 2024
Small figurines on beige backdrop

Every major website faces bots and the problems they bring with them. But everyone’s bot problem is unique. No other website has the same bots, the same vulnerabilities, the same threats as yours. No other company has your product range, sales delivery methods, and brand reputation. Traffic Access Rules lets you tailor your bots and abuse mitigation strategy to your specific needs and use case. It lets you level-up your bot protection with more control and customization of traffic than ever before.

Over 30% of all online traffic is bad bots. But what this number is made up of—and indeed the number itself—varies dramatically across regions, industries, and individual websites.

There’s no one-size-fits-all approach to bots and traffic management. There’s no switch every company can simply flick to create the perfect, most profitable, most accurate, flow of “good” traffic.

Some companies, for example, want scraper bots to pull data from their site to increase the volume and quality of referral traffic from third-party sites. Others want to keep scrapers off their sites entirely.

Some companies ship products internationally and expect traffic from across the globe. While for others, traffic from unfamiliar geographies represents trouble.

Some organizations need their support teams to be able to bypass their waiting rooms to access events. For others, this would be a threat to fairness and security.

There isn’t a one-size-fits-all approach to bots and traffic management.

Solution

Queue-it’s new feature, Traffic Access Rules, makes it easy to identify a segment of visitors and choose whether they should be challenged, blocked, or allowed to bypass the queue. It gives you more control and customization than ever before, so you can tailor your bots and abuse protection to your needs.

You can identify a segment of visitors based on:

  • Static network analysis, like IP address or user agent
  • User behavior, like reputation score

You can then configure access rules to:

  • Challenge traffic you believe is suspicious
  • Hard block traffic you know is malicious
  • Allow specific traffic (such as support staff) to bypass the queue

These rules can be applied globally to all waiting rooms, to specific waiting rooms, or to different inflow types (scheduled or 24/7 protection).

Traffic Access Rules joins Queue-it’s advanced suite of bot mitigation and traffic control features, adding more flexibility, control, and customizability to how you handle traffic. It enables you to tailor your traffic management to your region, industry, business, use case, or business objectives.

RELATED: See More, Act Smarter: Your Bots & Abuse Situation is More Transparent Than Ever

 

Where it fits in your bot protection strategy

A robust bot prevention strategy involves four stages: detection, assessment, mitigation, and evaluation. These four stages occur in a cycle, where in each stage you refine and iterate on your strategy.

Traffic Access Rules fits into the “mitigation” stage of bot prevention. And mitigation works best when you have the data to detect, assess, and evaluate your past, current, and future events—which can be found in Traffic Insights.

Traffic Insights is where you get the information you need to act; Traffic Access Rules is where you put those insights to work.

You can use the detailed dashboards and analytics from Traffic Insights to identify the threats and traffic patterns specific to you, then configure access rules accordingly.

Examples of Traffic Access Rules based on Traffic Insights

Detect with Traffic Insights

cashing out shopping bot

Mitigate with Traffic Access Rules

Aggressive IP address

cashing out shopping bot

Challenge those IP addresses

Data center traffic

cashing out shopping bot

Block data center traffic

Unexpected user agent

cashing out shopping bot

Challenge traffic with that user agent

 

Traffic Insights dashboard

The Traffic Insights Alerts dashboard in the GO Queue-it Platform showing aggressive IP addresses, data center traffic, user agents, and more

How to

To use Traffic Access Rules, you’ll need to have the Bots & Abuse feature on your Queue-it subscription.

Traffic Access Rules works by triggering an action based on a set of conditions, like an IF-THEN statement. For example:

  • IF [reputation score=high risk], THEN [Challenge traffic]
  • IF [IP address=your company IP address], THEN [Bypass queue]
  • IF [Classifier=Queue-it Datacenter], THEN [Hard block traffic]

The IF conditions are where you choose the type of traffic you want to act on. You can choose one IF condition, or stack multiple together using “ANY” or “ALL” logic. The THEN actions describe how to respond to that traffic.

Traffic access conditions

Examples of IF conditions that give you a high degree of control in identifying your target visitors are shown in the table below.

Condition
(IF-THEN)

Description

Example

ASN

The ASN (Autonomous System Number), a range of IP addresses controlled by a specific identity (e.g. ISP (Internet Service Provider) or Governments)

Block traffic coming from ASNs known to be the source of malicious traffic

Classifier

A pre-existing data set maintained by Queue-it (e.g. data center traffic)

Challenge traffic coming from data centers

HTTP Header

Information that comes with visitor page requests and can contain parameters like referral source or browser language

Challenge traffic from visitors with a browser language outside your target market

IP Address

The address identifying a specific computer or computer network

Hard block aggressive IP addresses

IP Range

A subnet of IP addresses

Allow staff from your company IP address to bypass the queue

Reputation Score

A dynamic Queue-it-assigned score of how trustworthy a visitor is (0 is lowest, 100 is highest) based on user behavior and additional data

Challenge traffic with an average reputation score for extra security

User Agent

Metadata that accompanies visitor requests

Challenge visitors using outdated browser versions

Waiting Room ID

ID of a specific waiting room used to narrowly apply your traffic access rules

Challenge certain traffic in one waiting room but block certain traffic in another

Waiting Room State

State of a waiting room used to narrowly apply your traffic access rules

Block traffic when the waiting room is in 24/7 protection mode

 

Traffic access actions

Examples of THEN actions that give you flexibility in how to act on your identified visitors target visitors are shown in the table below.

Action
(IF-THEN)

Description

Example

Bypass waiting room

Allow user segment to bypass the waiting room for immediate access to your website or webpage

You want support staff from your organization to have direct access to troubleshoot issues on your site

Challenge

Challenge the user segment with a Queue-it CAPTCHA

You want to determine if traffic from an IP address range is genuine or malicious

Hard Block

Deny access to the waiting room

You want data center traffic to be denied access to your sale

 

Create a traffic access rule

To create a traffic access rule, visit the GO Queue-it Platform and select “Traffic Rules” then “Setup” in the left-hand column.

From the Traffic Rules page, add a new rule by clicking the “ADD RULE” button in the top right corner.

Traffic access rules how to

From the create rule page, you can add a name to your rule to describe its function, then create the IF-THEN criteria for the rule using the drop-down menus and free text forms. Click “SAVE RULE” when you’re done.

Key takeaway

Traffic Access Rules joins Queue-it’s advanced suite of bot mitigation and traffic control features, adding more flexibility, control, and customizability to how you manage your traffic.

To customize your bots and abuse protection to suit your needs, you can configure access rules to:

  • Challenge traffic you believe is suspicious
  • Hard block traffic you know is malicious
  • Allow specific traffic (such as support staff) to bypass the queue

This helps you improve the sale or registration experience, both for staff and customers.

Traffic Access Rules gives you the power to act on the detailed analytics and data in the Traffic Insights Data. It lets you customize and optimize the “mitigation” stage in your bot protection strategy.

To use Traffic Access Rules, you’ll need to have the Bots & Abuse feature on your Queue-it subscription. If you’d like to strengthen your bots and abuse mitigation strategy and get access to Traffic Access Rules, contact your Customer Success representative.

Discover Queue-it's latest product updates