Each request inspected by Distil is assigned a 'Threat' value and that value is appended to the request sent from Distil to origin in the HTTP Header x-distil-bot. A Threat value of 0 indicates that no threat was was identified.
If you’d like more information on x-distil-threats values related to our API security solution, see the X-Distil-Threats Values article.
The table below lists the possible values for x-distil-bot when a threat is identified.
X-Distil-Bot | Threat Type | Portal Setting |
1 | Known Violators | Known Violators |
2 | Blocked Country | Country Block List |
4 | Browser Integrity Check | Identities |
8 | Known Violator User Agent | Known Violators |
16 | Rate Limited | Manage Rate Limiting |
32 | Known Violator Honeypot Access | Known Violators |
64 | Referrer Block | Manage Referrers & Proxies |
128 | Session Length Exceeded | Manage Rate Limiting |
256 | Pages Per Session Exceeded | Manage Rate Limiting |
512 | Bad User Agents | Identities |
1024 | Aggregator User Agents | Aggregator User Agents |
2048 | Filtered IP (IP Blacklist) | IP Access List |
4096 | JavaScript Not Loaded | Automated Browsers |
8192 | JavaScript Check Failed | Automated Browsers |
16384 | Machine Learning Violation | Machine Learning Settings |
32768 | Known Violator Automation Tool | Force JavaScript Settings |
65536 | Form Spam Submission | Known Violators |
131072 | Unverified Signature | Force JavaScript Settings |
262144 | IP Pinning Failure | [n/a - information only] |
524288 | Invalid JavaScript Test Results | Force JavaScript Settings |
1048576 | Organization Block | Custom Settings |
2097152 | Known Violator Data Center | KVDC |
4194304 | User Agent ACL | Universal ACL |
8388608 | Unique Identifier ACL | Universal ACL |
16777216 | Improper Header Name/Value | Universal ACL |
33554432 | Invalid Custom Token | Custom Token |
67108864 | Exceeds Maximum CAPTCHA Attempts | |
134217728 |
Extension ACL |
Universal ACL |
268435456 |
Missing Unique ID NOTE: This threat value is unique to Web API requests. |
Web API > Automated Threats Policy > No Distil Identifier |
Additionally, it is possible that multiple threats may be identified for a single request and as such, the value passed to origin is quite often a sum of the above values. A common value is 12289, which evaluates to:
X-Distil-Bot | Threat Type |
1 | Known Violators |
4096 | JavaScript Not Loaded |
8192 | JavaScript Check Failed |
Appending this value to your server logs can be invaluable in investigating suspicious traffic.
The x-distil-bot header is not visible to end users--it is only passed between Distil and the origin server.
Whitelisted Requests
Refer to field 48 of your web logs to review specific reasons why Distil whitelisted a request.
Comments