Skip to content

Botstopper improvements #501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tdgroot merged 2 commits into from
Jun 18, 2026
+38 −4
Merged

Botstopper improvements #501

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6009413
botstopper: Update documentation
tdgroot Jun 17, 2026
a83261e
docs: Fix incorrect admonition type
tdgroot Jun 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions docs/hypernode-platform/botstopper/how-to-use-botstopper.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ Enable it again for that vhost with:
hypernode-manage-vhosts example.com --botstopper
```

```{tip}
Keep in mind that botstopper is only active for HTTPS domains, because it uses the Secure flag for its cookies, which requires TLS.
```

## Choose an AI Policy

Botstopper has three AI policies. The default policy is `aggressive`.
Expand Down Expand Up @@ -229,6 +233,19 @@ Allow JSON API requests, using [CEL expressions](https://anubis.techaro.lol/docs
- 'path.startsWith("/api/")'
```

Add suspicion weight for traffic from a specific country:

```yaml
- name: weigh-countries-with-high-bot-traffic
action: WEIGH
expression:
all:
- '"X-Country-Code" in headers'
- 'headers["X-Country-Code"] in ["BY", "RU"]'
weigh:
adjust: 10
```

You usually do not need allow rules for API or webhook traffic. Botstopper allows traffic by default. Use an `ALLOW` rule when you already have, or plan to add, a broader custom rule that could otherwise challenge or block this trusted traffic.

## Logging
Expand All @@ -237,6 +254,23 @@ The botstopper service logs to `/var/log/botstopper/botstopper.log`. The log fil

To check the Botstopper logs in a human-readable manner, you can use the `hypernode-parse-botstopper-log` command. Read more about it in [How to View Botstopper Logs on Hypernode](./how-to-view-botstopper-logs.md).

## Cookies

In order to verify visitors, Botstopper uses cookies to track whether a visitor has passed a challenge. The following cookies are used:

| Cookie Name | Purpose |
| ---------------------------------- | ------------------------------------------------------------------ |
| `hnbotstopper-auth` | Used for authenticated sessions after a successful challenge. |
| `hnbotstopper-cookie-verification` | Temporary cookie to check whether the browser has cookies enabled. |

Cookies sent by Botstopper have the following flags set:

| Flag | Purpose |
| --------------- | -------------------------------------------------------------------------- |
| `Secure` | Ensures cookies are only sent over HTTPS connections. |
| `HttpOnly` | Prevents client-side scripts from accessing the cookies. |
| `SameSite=None` | Cross-domain requests will keep working, safe option with the Secure flag. |

## Safe Policy Changes

Use specific rules whenever possible. Broad user-agent rules can block legitimate crawlers or integrations.
Expand Down
6 changes: 3 additions & 3 deletions docs/hypernode-platform/botstopper/how-to-view-botstopper-logs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,9 @@ app@example-magweb-cmbl ~ $ hypernode-parse-botstopper-log --today
The output shows the timestamp, log level, message, and request metadata:

```console
2026-06-05 01:40:05.717877576Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" client_ip=66.132.172.211 accept_language="" priority="" challenge=019e956f-ffd3-735d-9dce-5fe1aa40d534
2026-06-05 02:07:11.959647899Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0" client_ip=134.209.40.161 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e9588-d054-7c99-8684-61bbcb099b2f
2026-06-05 02:38:01.225327165Z [INF] new challenge issued > host=example.com method=GET path=/compete-track-tote.html user_agent="Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; TikTokSpider; ttspider-feedback@tiktok.com)" client_ip=47.128.111.110 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e95a5-0807-759a-80d7-f450d68a1923
2026-06-05 01:40:05.717877576Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" client_ip=66.132.172.211 accept_language="" priority="" challenge=019e956f-ffd3-735d-9dce-5fe1aa40d534 weight=10
2026-06-05 02:07:11.959647899Z [INF] new challenge issued > host=example.com method=GET path=/ user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0" client_ip=134.209.40.161 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e9588-d054-7c99-8684-61bbcb099b2f weight=10
2026-06-05 02:38:01.225327165Z [INF] new challenge issued > host=example.com method=GET path=/compete-track-tote.html user_agent="Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; TikTokSpider; ttspider-feedback@tiktok.com)" client_ip=47.128.111.110 accept_language=en-US,en;q=0.5 priority="u=0, i" challenge=019e95a5-0807-759a-80d7-f450d68a1923 weight=10
```

Common messages include `new challenge issued` for visitors or bots that received a browser challenge.
Expand Down
2 changes: 1 addition & 1 deletion docs/hypernode-platform/varnish/Investigating-varnish-errors-on-hypernode.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@

Start by checking `/var/log/nginx/access.log` for any `503` responses. Look for a line similar to the following:

```log

Check warning on line 65 in docs/hypernode-platform/varnish/Investigating-varnish-errors-on-hypernode.md

View workflow job for this annotation

GitHub Actions / build 

Pygments lexer name %r is not known [misc.highlighting_failure] [misc.highlighting_failure]
./access.log:{"time":"2026-02-26T06:55:31+00:00", "remote_addr":"122.173.26.219", "remote_user":"", "host":"www.domain.com", "request":"GET /some/url/", "status":"503", "body_bytes_sent":"552", "referer":"", "user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36", "request_time":"0.000", "handler":"varnish", "country":"NL", "server_name":"www.domain.com", "port":"443", "ssl_cipher":"TLS_AES_128_GCM_SHA256", "ssl_protocol":"TLSv1.3"}
```

Expand Down Expand Up @@ -127,7 +127,7 @@

If the problem persists after applying these fixes, contact support for further assistance.

```{information}
```{tip}
For more information about Varnish configuration and tuning, see our [documentation on improving Varnish hit rate](https://docs.hypernode.com/hypernode-platform/varnish/improving-varnish-hit-rate-on-hypernode.html) and the official
[Varnish documentation](https://varnish-cache.org/docs/).
```
Loading