Follow

Proof-of-Work Overview

When a request is submitted to access your website, Distil intercepts it and responds with a JavaScript (JS) test. To proceed with site access, the browser must prove it can process JS as expected. If the browser fails the test, Distil responds to it using your specific threat response.

If the browser passes the JS test, Distil forwards the request to your origin server. Whether the browser fails or passes, Distil collects request data, such as browser type, extensions, display type, fonts, and more, to create a unique fingerprint for the browser and user. The problem with JS responses is they can be spoofed. It is not easy, but is possible. However, forcing the browser to return an answer (or series of answers) based on algorithmic computations isn't so easily spoofable.

A proof-of-work (PoW) test adds another layer of JS-based protection against malicious requests issued by fake browsers or automated scripts. PoW forces every browser to pass an additional JS test or computational puzzle to prove it’s legitimate.

This forces botnets and spammers to spend more computational time, money, and effort for every request that is made. By replacing user-facing verification with behind-the-scenes browser testing, it also removes the need for human-solvable captcha forms.

NOTE: This feature is automatically enabled for all domains. Please contact Distil support to disable or enable proof-of-work protection.

Does Proof-of-Work Affect Site Performance?

Not noticeably. Although the browser pauses to solve the puzzle, the added time is nominal. PoW only affects the efficiency of data miners and scrapers attempting to access your site with automated browsers, since the overall cycle time per each page request does slightly increase.

Configuring Proof-of-Work

The PoW setting inherits the threat response from your automated browsers content protection setting. But unlike automated browsers protection, which allows for four threat responses (monitor, CAPTCHA, block, and drop), PoW protection can only be turned on or off.

NOTE: This feature is automatically enabled for all domains. Please contact Distil support to disable or enable proof-of-work protection.

For example, when automated browsers protection is set to CAPTCHA, block, or drop, PoW protection is enabled, inheriting the threat response from the automated browsers setting. Alternatively, when automated browsers protection is set to monitor, PoW protection is disabled.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments