Social Media
Government
Streaming
Online Delivery
Finance
iGaming
E-commerce
Travel
Ads
Healthcare
Account takeoverPreventing unauthorized logins
Multi-accountingPreventing duplicate accounts
Data scrapingSafeguarding sensitive business data
API AbuseDetecting abnormal API activity
Account sharingIdentifying shared accounts
Fake accountsBlocking fake registrations
Brute force attackBlock automated credential attacks
Form spamFiltering automated submissions
Coupon fraudPreventing promo exploitation
SMS pumpingMitigating SMS-based fraud
Industries
Use Cases
DocumentationBlogPricing
Log in
Start for Free
OpenResty
OpenResty
Copy Integration Prompt
Integrate BotBye bot protection into an OpenResty/nginx setup using the botbye-openresty Lua module. 1. Install the module on the server: sudo luarocks install botbye-openresty 2. In the nginx.conf http block, add BotBye configuration inside init_by_lua_block and start the background request worker with init_worker_by_lua_block: http { resolver 8.8.8.8; lua_ssl_verify_depth 3; lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; // adjust path for your OS init_by_lua_block { require("botbye").setConf({ botbye_server_key = '00000000-0000-0000-0000-000000000000' }) } init_worker_by_lua_block { require("botbye").initRequest() } } 3. In the server/location block that handles protected traffic, add an access_by_lua_block: location / { access_by_lua_block { if ngx.req.is_internal() == false then local token = ngx.req.get_headers()['x-botbye-token'] local res = require("botbye").validateRequest(token) if res.result and res.result.isAllowed == false then ngx.exit(403) end end } } ngx.req.is_internal() prevents sending sub-requests (internal redirects) to BotBye. 4. After saving the config, reload OpenResty gracefully: sudo service openresty reload Available config keys in setConf: botbye_server_key (required), botbye_endpoint (default: https://verify.botbye.com), botbye_connection_timeout (default: 1000 ms). Full integration guide: https://botbye.com/docs/server-side/open-resty.md When the integration is complete, ask for the keys and replace the placeholder in the appropriate places.
Ask ChatGPT
Ask Claude
Ask Perplexity

Installation

On your server run the following command:

1

sudo luarocks install botbye-openresty

Configuration

Add the BotBye configuration below to the http block.

server-key available inside your Project.

By default, the configuration is located /usr/local/openresty/nginx/conf/nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

http {
    # ...

    # BotBye configuration
    resolver 8.8.8.8;

    lua_ssl_verify_depth 3;
    lua_ssl_trusted_certificate /path/to/certs/ca-certificates.crt;

    init_by_lua_block {
        require("botbye").setConf({
            # Use your project server-key
            botbye_server_key = '00000000-0000-0000-0000-000000000000';
        });
    }

    init_worker_by_lua_block {
        require("botbye").initRequest()
    }

    #....
}

Make sure to replace the lua_ssl_trusted_certificate. For example, Ubuntu certificate path: /etc/ssl/certs/ca-certificates.crt

Usage

1. Add the following BotBye logic to a location block.

For some OpenResty distributions, this part is NOT located inside nginx.conf but in /usr/nginx/conf.d/default.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

   server {
    # ...

        location / {
            #...

            # BotBye configuration
            access_by_lua_block {
                if ngx.req.is_internal() == false then
                    -- Get token from header or any place you store it.
                    -- For example in "x-botbye-token" header
                    local token = ngx.req.get_headers()['x-botbye-token']
                    local res = require("botbye").validateRequest(token)

                    if res.result and res.result.isAllowed == false then
                        ngx.exit(403)
                    end
                end
            }
        }
    # ...
    }

Using ngx.req.is_internal() avoids sending requests to BotBye when the calls are internal.

2. Reload OpenResty.

The command below will gracefully reload the configuration and apply any changes while serving existing connections.

1

sudo service openresty reload

Settings

Setting Description Required Default Value
botbye_server_key Your BotBye server side key yes -
botbye_endpoint Host of the API Server no https://verify.botbye.com
botbye_connection_timeout Timeout for regular API calls no 1000 (in milliseconds)

Demo

Dockerfile with the set up and the configuration to help you to integrate BotBye.

Examples of BotBye API responses

Bot detected:

1
2
3
4
5
6
7

{
  "reqId": "f77b2abd-c5d7-44f0-be4f-174b04876583",
  "result": {
    "isAllowed": false
  },
  "error": "Automation tool used"
}

Bot not detected:

1
2
3
4
5
6
7

{
  "reqId": "f77b2abd-c5d7-44f0-be4f-174b04876583",
  "result": {
    "isAllowed": true
  },
  "error": null
}

Request banned by custom rule:

1
2
3
4
5
6
7
8
9

{
  "reqId": "f77b2abd-c5d7-44f0-be4f-174b04876583",
  "result": {
    "isAllowed": false
  },
  "error": {
    "message": "Banned by rule: MY_CUSTOM_RULE"
  }
}

Invalid server-key:

1
2
3
4
5
6
7

{
  "reqId": "f77b2abd-c5d7-44f0-be4f-174b04876583",
  "result": null,
  "error": {
    "message": "[BotBye] Bad Request: Invalid Server Key"
  }
}