Skip to content

Commit c25f8aa

Browse files
committed
botstopper: Add info about cookies
Users must be aware that they need to review their cookie consent manager policies to make sure the botstopper cookie is going to be allowed.
1 parent 2f4d522 commit c25f8aa

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

docs/hypernode-platform/botstopper/how-to-use-botstopper.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,10 @@ For more background on bot traffic and Magento performance, see [How to Fix Perf
2020

2121
## Enable Botstopper
2222

23+
```{warning}
24+
If you run a cookie consent manager in explicit mode, where only required cookies are persisted until the visitor accepts, mark the `hnbotstopper-auth` cookie as required before enabling Botstopper. Otherwise visitors who pass a challenge keep losing the cookie and the site breaks. See [The hnbotstopper-auth Cookie](#the-hnbotstopper-auth-cookie) for details.
25+
```
26+
2327
Botstopper is disabled by default on a Hypernode. Enable it with:
2428

2529
```bash
@@ -85,6 +89,14 @@ Botstopper evaluates policy rules from top to bottom. A rule can allow, deny, ch
8589

8690
Challenge responses use HTTP `200`. This is intentional. Many aggressive scraper bots stop retrying once they receive a `200` response.
8791

92+
## The hnbotstopper-auth Cookie
93+
94+
When a visitor passes a browser challenge, Botstopper stores the result in a cookie named `hnbotstopper-auth`. The browser sends this cookie on later requests so the visitor does not have to solve a new challenge every time.
95+
96+
```{warning}
97+
If you run a cookie consent manager in explicit mode, where only required cookies are persisted until the visitor accepts, you must mark `hnbotstopper-auth` as a required cookie. Otherwise the consent manager strips the cookie, the visitor fails the challenge on every request, and the site breaks.
98+
```
99+
88100
## Standard Hypernode Policies
89101

90102
Hypernode ships Botstopper with a standard policy that keeps important services working and blocks common abusive traffic.

0 commit comments

Comments
 (0)