Checklist: steps needed before activating protection

Your account is now premium, you're a few steps away from protecting your traffic.
Protection will be effective only when you switch ON Global protection

1. Check Server-Side and Client-Side integration

You can check that DataDome is implemented correctly by verifying the below:

  • The Server-Side module needs to be setup on all endpoints (Web/API)
  • The JavaScript tag must be setup on all pages
  • Make sure you have integrated our Listener for AJAX call or a Single Page Application

2. Check endpoints configuration

Your traffic can be divided into several endpoints:

An endpoint is part of your website architecture: web, mobile app API, web services, etc.
Adding an endpoint allows DataDome to apply the right algorithms and detect specific bots.

Check your endpoints:

In the left sidebar, click on "Configuration" and go to "Endpoints" on the sub-menu (direct link).

Check to see if you find endpoints, such as:

  • Websites
  • Mobile application APIs
  • Web services
  • Etc.

Configuration Check:
For each endpoint, check:

  • The regular expressions (inclusion / exclusion) defining the endpoint
  • Is the protection active (in the "Protection" column)

If you have any questions, please contact DataDome.

3. Bad Bots Review

By default, a Captcha will be displayed for all bad bots.

Look for Technical partners

Check the most active bad bots IPs to make sure no Technical partners have been left out.

Go to Explore and select "Bad bots" in the Rule Type menu and IP dimension on the left side.
You will get the bad bots IPs list sorted by traffic size (largest to smallest):

In the list, verify the following:

  • Your partners’ IPs (billing tools, health checker, etc.)
  • Your servers’ IPs
  • Your load balancers’ IPs. In this case, allow the IPs that are using a Trusted proxy.

You can whitelist your partners or completely block unwanted traffic, as shown here.

4. Good Bots Review

By default, all good bots will be whitelisted.

Check each bot's status, particularly "Technical partners" including bots from payment services (e.g. PayPal, etc.), health check (e.g. Pingdom), etc.
You can change a bot status using the Captcha switch as shown below:

5. Commercial Bots Review

By default, all commercial bots will be blocked.

You can change the bot status by clicking on the switch as shown below:

6. Enable Global Protection

Your account is now ready. You can activate protection.

Go to general blocking:

Switch ON the global protection button to enable protection, then confirm your choice.

Congratulations, you are now protected against undesired bot traffic.