Documentation Index

Fetch the complete documentation index at: https://docs.document360.com/llms.txt

Use this file to discover all available pages before exploring further.

Bot management

Prev Next

Bot management in Document360 controls which automated programs can access your knowledge base portal and site — blocking malicious bots while allowing legitimate ones through. Without it, your knowledge base is vulnerable to content scraping, spam, credential stuffing, and DDoS attacks that degrade performance and compromise data integrity. Document360 uses Cloudflare's heuristic and machine learning detection to protect both the knowledge base portal and the knowledge base site automatically.


Types of bots

Bots fall into two categories:

  • Good bots (Verified Bots) — These bots, such as GoogleBot, BingBot, and GPTBot, are transparent about their identity and purpose. They are allowed through by default.
  • Bad bots (Malicious Bots) — These bots engage in harmful activities including content scraping, spreading spam, credential stuffing, DoS and DDoS attacks, web scraping, and brute force password cracking.

When to use bot management

Use bot management when you need to:

  • Protect against content scraping — prevent unauthorised bots from harvesting your knowledge base articles for redistribution.
  • Block credential stuffing and brute force attacks — stop bots from attempting repeated logins with stolen or guessed credentials.
  • Maintain site performance — reduce server load caused by high-volume automated traffic from bad bots including DoS and DDoS attacks.

How bot management works in Document360

Document360 integrates with Cloudflare to enforce bot management across your knowledge base portal and site. The system operates in Block mode for definitively identified bot requests only, using the following detection methods:

  1. Heuristic and machine learning detection — Cloudflare continuously analyses incoming traffic patterns, user-agent anomalies, and other behavioural markers to detect and block malicious bots proactively.

  2. User-agent monitoring — Requests with empty user agents or user agents that identify unreleased browser versions are automatically flagged and blocked.

  3. IP and port blocking — If your site is accessed through unsupported port numbers (for example, port 8443), Cloudflare blocks the attempt automatically. Unusual traffic volumes from the same IP address or ISP are also detected and blocked.

CAUTION

Blocking specific bots or user agents may affect custom automation scripts or integrations that access your knowledge base programmatically. Review any active integrations before relying on bot blocking rules.

NOTE

Implementing these security measures is critical for safeguarding against malicious bot activity and maintaining the integrity of your online platforms.


Best practices

  • Review your automation scripts before relying on bot management to ensure their user agents are set to a valid, released browser version string.
  • Do not use unsupported port numbers in any internal links or API integrations pointing to your knowledge base site, as these will be blocked at the Cloudflare layer.

FAQ

Will bot management affect my existing integrations or automation scripts?

It may. Scripts that use empty user agents or user agents that resemble unreleased browser versions may be flagged and blocked by Cloudflare. Ensure all custom automation scripts use a valid, properly formatted user agent string before relying on bot management rules.

What can I do if I'm on a plan that doesn't include bot management?

If you are on a lower plan and suspect bot or crawler traffic, use the Robots.txt settings under Settings > Knowledge base site > SEO to restrict or slow down unwanted crawlers. This is not a full bot management solution but provides a basic level of crawler control.

Does Document360 provide bot management for both the portal and the public site?

Yes. Bot detection and blocking is applied to both the knowledge base portal (used by your team internally) and the knowledge base site (your public-facing documentation), ensuring protection across all access points.