Each request inspected by Distil is assigned a 'Threat' value and that value is appended to the request sent from Distil to origin in the HTTP Header x-distil-bot. A Threat value of 0 indicates that no threat was was identified.
If you’d like more information on x-distil-threats values related to our API security solution, see the X-Distil-Threats Values article.
The table below lists the possible values for x-distil-bot when a threat is identified.
| X-Distil-Bot | Threat Type | Portal Setting |
| 1 | Known Violators | Known Violators |
| 2 | Blocked Country | Country Block List |
| 4 | Browser Integrity Check | Identities |
| 8 | Known Violator User Agent | Known Violators |
| 16 | Rate Limited | Manage Rate Limiting |
| 32 | Known Violator Honeypot Access | Known Violators |
| 64 | Referrer Block | Manage Referrers & Proxies |
| 128 | Session Length Exceeded | Manage Rate Limiting |
| 256 | Pages Per Session Exceeded | Manage Rate Limiting |
| 512 | Bad User Agents | Identities |
| 1024 | Aggregator User Agents | Aggregator User Agents |
| 2048 | Filtered IP (IP Blacklist) | IP Access List |
| 4096 | JavaScript Not Loaded | Automated Browsers |
| 8192 | JavaScript Check Failed | Automated Browsers |
| 16384 | Machine Learning Violation | Machine Learning Settings |
| 32768 | Known Violator Automation Tool | Force JavaScript Settings |
| 65536 | Form Spam Submission | Known Violators |
| 131072 | Unverified Signature | Force JavaScript Settings |
| 262144 | IP Pinning Failure | [n/a - information only] |
| 524288 | Invalid JavaScript Test Results | Force JavaScript Settings |
| 1048576 | Organization Block | Custom Settings |
| 2097152 | Known Violator Data Center | KVDC |
| 4194304 | User Agent ACL | Universal ACL |
| 8388608 | Unique Identifier ACL | Universal ACL |
| 16777216 | Improper Header Name/Value | Universal ACL |
| 33554432 | Invalid Custom Token | Custom Token |
| 67108864 | Exceeds Maximum CAPTCHA Attempts | |
| 134217728 |
Extension ACL |
Universal ACL |
| 268435456 |
Missing Unique ID NOTE: This threat value is unique to Web API requests. |
Web API > Automated Threats Policy > No Distil Identifier |
Additionally, it is possible that multiple threats may be identified for a single request and as such, the value passed to origin is quite often a sum of the above values. A common value is 12289, which evaluates to:
| X-Distil-Bot | Threat Type |
| 1 | Known Violators |
| 4096 | JavaScript Not Loaded |
| 8192 | JavaScript Check Failed |
Appending this value to your server logs can be invaluable in investigating suspicious traffic.
The x-distil-bot header is not visible to end users--it is only passed between Distil and the origin server.
Whitelisted Requests
Refer to field 48 of your web logs to review specific reasons why Distil whitelisted a request.
Comments