Tag: bot-detection

JA3 and JA4 TLS fingerprinting read the bytes of the ClientHello to spot the software behind a connection, even when it lies about its User-Agent. Here is how it works on nginx with ngx_ssl_fingerprint_module, and why blocking on a fingerprint is riskier than it looks.

A single misbehaving scraper can fire 40,000 requests an hour at a 404 it will never stop hitting, and your access log…

Half of all web traffic is bots, and a growing slice are vibe-coded AI scanners written by a chatbot prompt. Here is the five-layer defense in depth that stops them: rate limiting, WAF, TLS hardening, request validation, access control, PHP and Docker hardening, plus the patching that does the most work.

The complete guide to building and running an optimised Nginx or Angie server on Debian and Ubuntu — HTTP/3, TLS 1.3, brotli, ModSecurity WAF, FastCGI caching, and eight layers of WordPress defence. Every directive explained.