Retrieve labels for AWS WAF Bot Control rule group

3 minute read

Content level: Intermediate

How to retrieve AWS WAF Bot Control (ABC) rule group labels

Overview

AWS WAF Bot Control (ABC) gives you visibility and control over common and pervasive bot traffic that can consume excess resources, skew metrics, cause downtime, or perform other undesired activities. A key feature of this AWS Managed Rules for AWS WAF (AMR) is the attachment of labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack (web ACL). The ABC AMR generates labels with the namespace prefix awswaf:managed:aws:bot-control: followed by the custom namespace and label name. An overview of labels is available from Labels added by this rule group.

At time of writing, there are more than 500 labels of the format awswaf:managed:aws:bot-control:bot:name:<name> that identifies each bot. Examples include awswaf:managed:aws:bot-control:bot:name:chatgpt_user, awswaf:managed:aws:bot-control:bot:name:discordbot, awswaf:managed:aws:bot-control:bot:name:google_adsbot etc..

This article shows how you can retrieve all labels through the API by calling DescribeManagedRuleGroup using AWS CLI from within CloudShell.

To run the below commands from outside CloudShell, you will need a client with AWS CLI and jq installed

CloudShell

Login to your AWS Console, and simply click the CloudShell icon in the AWS Management Console. Click within the terminal to run your commands.

CloudShell

Labels for Regional and CloudFront may differ. This article illustrate how to retrieve for both, and use CloudFront for rest of the examples

Retrieve Labels

Bot Control Versions

Regional

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="REGIONAL"

aws wafv2 list-available-managed-rule-group-versions  --vendor-name $VENDOR --name $AMR --scope $SCOPE   | jq -r ".Versions[].Name"

CloudFront

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="CLOUDFRONT --region us-east-1"

aws wafv2 list-available-managed-rule-group-versions  --vendor-name $VENDOR --name $AMR --scope $SCOPE   | jq -r ".Versions[].Name"

Output

Output should be similar to below

Version_1.0
Version_2.0
Version_3.0
Version_3.1
Version_3.2
Version_3.3
Version_4.0
Version_5.0

Note the version that you want, e.g. Version_5.0

Retrieve all labels

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="CLOUDFRONT --region us-east-1"
VERSION="Version_5.0"

aws wafv2 describe-managed-rule-group --version-name $VERSION --vendor-name $VENDOR --name $AMR --scope $SCOPE | jq -r ".AvailableLabels[].Name"

Retrieve all categories

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="CLOUDFRONT --region us-east-1"
VERSION="Version_5.0"

aws wafv2 describe-managed-rule-group --version-name $VERSION --vendor-name $VENDOR --name $AMR --scope $SCOPE | jq -r ".AvailableLabels[].Name" | grep "awswaf:managed:aws:bot-control:bot:category:"

Output should be similar to below

awswaf:managed:aws:bot-control:bot:category:advertising
awswaf:managed:aws:bot-control:bot:category:ai
awswaf:managed:aws:bot-control:bot:category:archiver
awswaf:managed:aws:bot-control:bot:category:content_fetcher
awswaf:managed:aws:bot-control:bot:category:email_client
awswaf:managed:aws:bot-control:bot:category:http_library
awswaf:managed:aws:bot-control:bot:category:link_checker
awswaf:managed:aws:bot-control:bot:category:miscellaneous
awswaf:managed:aws:bot-control:bot:category:monitoring
awswaf:managed:aws:bot-control:bot:category:page_preview
awswaf:managed:aws:bot-control:bot:category:scraping_framework
awswaf:managed:aws:bot-control:bot:category:search_engine
awswaf:managed:aws:bot-control:bot:category:security
awswaf:managed:aws:bot-control:bot:category:seo
awswaf:managed:aws:bot-control:bot:category:social_media
awswaf:managed:aws:bot-control:bot:category:webhooks

Bot publisher (Organization)

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="CLOUDFRONT --region us-east-1"
VERSION="Version_5.0"

aws wafv2 describe-managed-rule-group --version-name $VERSION --vendor-name $VENDOR --name $AMR --scope $SCOPE | jq -r ".AvailableLabels[].Name" | grep "awswaf:managed:aws:bot-control:bot:organization:"

Partial listing below

awswaf:managed:aws:bot-control:bot:organization:acquia
awswaf:managed:aws:bot-control:bot:organization:adyen
awswaf:managed:aws:bot-control:bot:organization:agencyanalytics
awswaf:managed:aws:bot-control:bot:organization:ahrefs
awswaf:managed:aws:bot-control:bot:organization:airo
awswaf:managed:aws:bot-control:bot:organization:algolia
awswaf:managed:aws:bot-control:bot:organization:amazon
awswaf:managed:aws:bot-control:bot:organization:anthropic
awswaf:managed:aws:bot-control:bot:organization:apple
awswaf:managed:aws:bot-control:bot:organization:atlassian
awswaf:managed:aws:bot-control:bot:organization:audisto
...
...
...
awswaf:managed:aws:bot-control:bot:organization:watchful
awswaf:managed:aws:bot-control:bot:organization:webceo
awswaf:managed:aws:bot-control:bot:organization:webpros
awswaf:managed:aws:bot-control:bot:organization:wp_umbrella
awswaf:managed:aws:bot-control:bot:organization:wpmudev
awswaf:managed:aws:bot-control:bot:organization:x
awswaf:managed:aws:bot-control:bot:organization:xy_planning_network
awswaf:managed:aws:bot-control:bot:organization:yahoo
awswaf:managed:aws:bot-control:bot:organization:yandex
awswaf:managed:aws:bot-control:bot:organization:yext
awswaf:managed:aws:bot-control:bot:organization:zoho
awswaf:managed:aws:bot-control:bot:organization:zoovu

All bots

VENDOR="AWS"
AMR="AWSManagedRulesBotControlRuleSet"
SCOPE="CLOUDFRONT --region us-east-1"
VERSION="Version_5.0"

aws wafv2 describe-managed-rule-group --version-name $VERSION --vendor-name $VENDOR --name $AMR --scope $SCOPE | jq -r ".AvailableLabels[].Name" | grep "awswaf:managed:aws:bot-control:bot:name:"

Partial listing below

awswaf:managed:aws:bot-control:bot:name:2checkout
awswaf:managed:aws:bot-control:bot:name:360monitoring
awswaf:managed:aws:bot-control:bot:name:360spider
awswaf:managed:aws:bot-control:bot:name:aasa_bot
...
...
awswaf:managed:aws:bot-control:bot:name:ghost_inspector
awswaf:managed:aws:bot-control:bot:name:gigabot
awswaf:managed:aws:bot-control:bot:name:go_http
...
awswaf:managed:aws:bot-control:bot:name:letsencrypt
awswaf:managed:aws:bot-control:bot:name:level_9_search_bot
awswaf:managed:aws:bot-control:bot:name:libhttp
...
...
awswaf:managed:aws:bot-control:bot:name:zapier
awswaf:managed:aws:bot-control:bot:name:zendesk_webhook
awswaf:managed:aws:bot-control:bot:name:zendhttpclient
awswaf:managed:aws:bot-control:bot:name:zoominfobot
awswaf:managed:aws:bot-control:bot:name:zumbot
awswaf:managed:aws:bot-control:bot:name:zyborg

Using labels.

Refer to AWS WAF Bot Control examples for examples

Topics: Security, Identity, & Compliance
Tags: AWS WAF
Language: English

EXPERT

MikeLim

published 13 days ago114 views

No comments

Relevant content

How to use AWS WAF labels to fine tune webACL?
EXPERT
Lei Pei
published 2 years ago
AWS re:Post Knowledge Center Spotlight: AWS WAF
EXPERT
AWS Official
published 2 years ago
AWS WAF Distributed Denial of Service (DDoS) prevention rule group
EXPERT
Amey Dongre
published 9 months ago
Custom response body for AWS bot control
Techxonia
asked 4 years ago
How to Configure AWS WAF Rules for Optimal Protection of a WhatsApp Bot-Based Front-End in AWS App Runner?
yann_stoneman
asked 2 years ago
Allow good bots in WAF rate-based rule
Accepted Answer
AKMin
asked 2 years ago
How do I allow requests from a bot that's blocked by an AWS WAF Bot Control rule group?
AWS OFFICIALUpdated 10 months ago
How do I analyze my CloudWatch metrics and logs for AWS WAF rules in Count mode?
AWS OFFICIALUpdated 2 months ago
How do I detect false positives caused by AWS Managed Rules?
AWS OFFICIALUpdated 3 months ago
How do I use an aggregation key to configure a rate limit rule in AWS WAF?
AWS OFFICIALUpdated 10 months ago