By editing a domain’s default settings, you can configure automated responses to thwart attacks against your entire site and its content. You can also tailor specific settings for individual paths.
To access content protection settings for an API path:
- Log in to the Distil Portal.
- Click API Security on the top banner menu, then select Web & Mobile App API.
- Select an API URL from your API URLs dashboard.
- Click Settings on the banner menu.
- Click Edit Settings by Path in the Content Protection section.
Content protection settings are organized by tabs, including:
- Automated Threats Policy – No Distil identifier and known threat detection.
- Rate Limiting Policy – Requests per minute and requests per session.
- Mobile Policy – Bad client and invalid or expired token.
NOTE: The Mobile Policy tab is only available for mobile SDK URLs.
You can activate multiple threat responses, which Distil then uses to mitigate threats automatically.
NOTE: All of these settings default to monitor-only mode for new customers.
Automated threat responses for dynamic web APIs include:
- Monitor – Identify bots without taking any action. Distil automatically runs our entire detection suite but takes no action on the request. It does, however, embed an X-Distil bot header that identifies the type of bot and, if applicable, the different threats that it failed.
- Drop – Distil serves the requester a drop page that shows the associated violation and indicates that their access to the API has been blocked.