
How We Identify Malicious Bots in Encrypted Navigation Traffic

28 May, 2026 | 4 min
An IT company develops an electronic city map directory covering over 20,000 cities and towns across 12 countries. With more than 55 million monthly users, its infrastructure handles over 20 million search queries per day. Some of these queries are malicious and require immediate filtering.

Challenge

Due to the growth of threats and risks, a new security requirement emerged: the filtration system had to be located strictly within the navigation service infrastructure and capable of handling several key tasks:

  • Automatic DDoS mitigation without blocking IP addresses.
  • Protection for websites and mobile app APIs without exposing encrypted client traffic.
  • Ensuring 24/7 availability for any number of web applications without requiring code changes.

"In 2022, we encountered bot attacks that our provider periodically missed. We decided to strengthen our defenses by finding a more effective DDoS and bot protection solution that we could deploy within our perimeter."

Lead Information Security Engineer, Navigation Service

Solution

Strictera experts proposed using a single WAAP system for web traffic cleanup, integrating it into the company’s infrastructure instead of multiple cloud solutions from different providers. This anti-bot solution can block both large-scale DDoS attacks with millions of requests per second and intelligent bot attacks on application registration and authorization endpoints.

When deployed locally, WAAP filters HTTPS traffic without requiring disclosure of SSL encryption keys or the continuous transfer of web server logs to a security vendor for analysis. Effective detection and immediate blocking of illegitimate requests requires only periodic training on the legitimate traffic profiles of protected web resources during integration.

How Strictera WAAP works in the client's infrastructure

  1. WAAP software is installed as NGINX modules on the client’s infrastructure.
  2. Each web server of the navigation service accepts incoming connections and establishes HTTPS sessions.
  3. The deployed NGINX module receives the request data needed for analysis and checks it against the local cache. If no verdict is available, the module forwards the request to Strictera’s decision-making system for review. After the verdict is returned, the module caches it and instructs the server to either allow or block the request.
  4. If mobile app protection is required, the WAAP system is additionally trained over several days on the app’s traffic profile to correctly distinguish legitimate API requests from malicious ones.
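
The lookup flow in step 3 (local cache, then the decision system, then cache the verdict), modelled as an added example; this is not Strictera's module code and not code from the original page. The metadata fields used as the cache key, the verdict lifetime, and the fail-open or fail-closed policy when the decision service is unreachable are assumptions, since the page does not specify them.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

ALLOW, BLOCK = "allow", "block"
Key = Tuple[str, str, str, str]


@dataclass
class VerdictCache:
    """Local verdict cache in front of a remote decision service (illustrative)."""
    decide: Callable[[Key], str]        # hypothetical call to the decision system
    ttl: float = 30.0                   # assumed verdict lifetime in seconds
    fail_open: bool = True              # assumed policy when the service is unreachable
    clock: Callable[[], float] = time.monotonic
    remote_calls: int = 0
    _store: Dict[Key, Tuple[str, float]] = field(default_factory=dict)

    def check(self, meta: dict) -> str:
        # Key on request metadata only (assumed fields): the lookup and the
        # remote query use no decrypted body and no TLS key material.
        key = (meta["client_id"], meta["method"], meta["path"], meta["user_agent"])
        now = self.clock()
        hit = self._store.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]               # fresh cached verdict, no remote call
        self.remote_calls += 1
        try:
            verdict = self.decide(key)
        except (TimeoutError, ConnectionError):
            # Fallback is not cached, so the next request retries the service.
            return ALLOW if self.fail_open else BLOCK
        self._store[key] = (verdict, now + self.ttl)
        return verdict


def toy_decide(key: Key) -> str:
    """Constructed stand-in for the remote decision system, not a real rule."""
    _, _, path, user_agent = key
    suspicious = path == "/api/login" and "headless" in user_agent.lower()
    return BLOCK if suspicious else ALLOW


if __name__ == "__main__":
    cache = VerdictCache(decide=toy_decide)
    req = {"client_id": "dev-1", "method": "POST",  # constructed sample request
           "path": "/api/login", "user_agent": "HeadlessChrome/120"}
    print(cache.check(req), cache.check(req), cache.remote_calls)
```

The fail-open versus fail-closed choice decides whether an outage of the decision service turns into a filtering gap or an availability problem for legitimate users.
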
Regular bursts of malicious activity blocked by Strictera WAAP

How we made the protection system layered

When the client began scaling its infrastructure across data centers in different cities, Strictera experts recommended adding protection for the channels against network floods. Network engineers configured dedicated communication channels to the client’s infrastructure and enabled NDP.

Traffic passing through these secure channels undergoes pre-cleaning to prevent high-volume network DDoS attacks at L3 and L4. Next, the NGINX module verifies the metadata of requests to the client’s web servers using multi-factor analysis and traffic profiles, all within the client’s secure environment.

Results

In 2023, Strictera helped the navigation service build layered protection for key applications, including the company's subsidiary services, with several important results:

  • Layered protection against automated threats at L3–L7 from a single vendor.
  • Filtering of illegitimate requests without blocking users.
  • Protection against bots and DDoS attacks without exposing encrypted client traffic, including for mobile APIs.
  • Local integration of a PCI DSS-compliant security system.
  • No need to send web server logs for protection.

"The main criterion for choosing an anti-bot solution was local protection against malicious automation without compromising SSL keys, including for mobile APIs. The unified Strictera WAAP system comprehensively addresses several urgent filtering challenges for our online services. By connecting secure internet channels, our security system became truly multi-layered."

Lead Information Security Engineer, Navigation Service
Consolidated traffic statistics for 10 protected web resources of navigation service
