Today, we’re excited to announce the addition of Web Bot Auth (WBA) support in AWS WAF, providing a secure and standardized way to authenticate legitimate AI agents and automated tools accessing web applications. This new capability helps distinguish trusted bot traffic from potentially harmful automated access attempts.
Web Bot Auth is an authentication method that leverages cryptographic signatures in HTTP messages to verifythat a request comes from an automated bot. Web Bot Auth is used as a verification method for verified bots and signed agents. It relies on two active IETF drafts: a directory draft allowing the crawler to share their public keys, and a protocol draft defining how these keys should be used to attach crawler’s identity to HTTP requests.
AWS WAF now automatically allows verified AI agent traffic Verified WBA bots will now be automatically allowed by default, previously Category AI blocked unverified bots, this behavior is now refined to respect WBA verification.
To learn more, please review the documentation.
Categories: marketing:marchitecture/security-identity-and-compliance,general:products/aws-waf
Source: Amazon Web Services
Latest Posts
- (Updated) Microsoft 365 Copilot: Navigation refresh in the M365 Copilot app [MC1187677]
- Microsoft 365 Copilot for Sales – Engage prospects faster with Sales Agent-enriched leads [MC1231406]
- (Updated) Migration update for Office 365 connectors retirement in Teams – webhook URL support [MC1181996]
- AWS Backup adds cross-Region database snapshot copy to logically air-gapped vaults
