Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dhal.rokad.co/llms.txt

Use this file to discover all available pages before exploring further.

Bot defense

Dhal scores suspicious bot-like requests using headers, user agents, and automation signals. 
{
  "rules": {
    "bot": {
      "enabled": true,
      "scoreThreshold": 70,
      "blockEmptyUserAgent": false,
      "suspiciousUserAgents": [
        "headlesschrome",
        "phantomjs",
        "selenium",
        "puppeteer",
        "playwright",
        "python-requests",
        "aiohttp"
      ],
      "falsePositiveControls": {
        "minSignals": 2,
        "skipStaticAssets": true,
        "ignorePaths": ["/healthz", "/health", "/readyz", "/favicon.ico"],
        "ignorePrivateIps": false
      }
    }
  }
}

False-positive controls

Use:
  • minSignals to require multiple indicators;
  • skipStaticAssets to avoid noisy asset requests;
  • ignorePaths for health checks and known safe routes;
  • allowUserAgents for trusted automated clients.

Rollout

Start bot rules in monitor, inspect events, then enforce on sensitive routes.