Policies
Configure enforcement policies for Gateway and Middleware
Overview
Policies define how Checkpoint handles detected AI agents and bots. When a request is classified by the Gateway or Middleware, the policy engine evaluates the detection result and determines the response action.
Policy Evaluation Order
Policies are evaluated in priority order. The first matching rule wins:
1. Allow list (highest priority)
2. Deny list
3. Path-based rules
4. Confidence threshold
5. Default action (lowest priority)Available Actions
| Action | Description | HTTP Response |
|---|---|---|
allow | Let the request through | Proxied to origin |
block | Reject the request | 403 Forbidden |
redirect | Send to a different URL | 302 Redirect |
challenge | Present a verification challenge | Challenge page |
log | Record the detection, don't act | Proxied to origin |
Policy Configuration
Via the Dashboard
- Navigate to Project Settings → Enforce
- Click Configure Policy on your Gateway or Middleware
- Set rules using the policy editor
- Save and apply
JSON Configuration
{
"defaultAction": "allow",
"blockThreshold": 80,
"allowList": ["Googlebot", "Bingbot", "Yandex"],
"denyList": ["malicious-bot", "scraper-ua"],
"pathRules": [
{
"pattern": "/api/*",
"action": "block",
"minConfidence": 70
},
{
"pattern": "/public/*",
"action": "log"
},
{
"pattern": "/checkout/*",
"action": "block",
"minConfidence": 50
}
]
}Allow List
The allow list has the highest priority. User agents matching the allow list are always allowed through, regardless of detection results.
Common entries:
| Bot | Purpose |
|---|---|
Googlebot | Google search crawler |
Bingbot | Microsoft search crawler |
Yandex | Yandex search crawler |
Slurp | Yahoo search crawler |
facebookexternalhit | Facebook link preview |
Twitterbot | Twitter/X link preview |
Checkpoint verifies that allowed bots are authentic by checking their IP addresses against known ranges. A request claiming to be Googlebot from an unknown IP will still be detected.
Deny List
The deny list blocks specific user agents or identifiers. Deny list entries are checked after the allow list but before other rules.
You can also manage deny list entries from the Deny List tab in the project dashboard, which supports blocking by:
- User agent string
- IP address or CIDR range
- Browser/device fingerprint
Path-Based Rules
Apply different policies to different URL paths:
{
"pathRules": [
{
"pattern": "/api/admin/*",
"action": "block",
"minConfidence": 50
},
{
"pattern": "/api/public/*",
"action": "log"
},
{
"pattern": "/checkout/*",
"action": "redirect",
"redirectUrl": "/bot-detected",
"minConfidence": 70
}
]
}Rule Fields
| Field | Type | Required | Description |
|---|---|---|---|
pattern | string | Yes | URL path pattern (supports * wildcard) |
action | string | Yes | One of: allow, block, redirect, challenge, log |
minConfidence | number | No | Minimum confidence score to trigger (0–100) |
redirectUrl | string | No | URL to redirect to (required for redirect action) |
Confidence Threshold
The global blockThreshold sets the minimum confidence score required to enforce the default blocking action:
{
"blockThreshold": 80,
"defaultAction": "block"
}With this configuration, only detections with confidence ≥ 80 are blocked. Lower-confidence detections are logged but allowed through.
Choosing a Threshold
| Threshold | Effect | Use Case |
|---|---|---|
| 90–100 | Very strict | Low-risk pages, gradual rollout |
| 70–89 | Balanced | General use (recommended) |
| 50–69 | Aggressive | High-security pages |
| Below 50 | Very aggressive | Not recommended |
Start with 90+ and lower gradually as you review accuracy. This prevents blocking legitimate traffic.
Default Action
The defaultAction applies when no other rule matches:
"allow"— Allow all unmatched traffic (recommended starting point)"block"— Block all detected agents above the threshold"log"— Log detections without taking action
MCP-I Integration
Policies can integrate with Govern features. Agents that present valid MCP-I proofs can be treated differently:
- Agents with valid delegations can be allow-listed automatically
- Agents without proofs follow standard policy evaluation
- This enables a "known agents welcome, unknown agents blocked" approach
Testing Policies
- Set your policy to
"log"mode initially - Monitor detections in the dashboard
- Review classifications and confidence scores
- Adjust thresholds and rules based on real traffic
- Switch to
"block"or"redirect"when confident
Next Steps
- Detection in Enforce Mode — Understand detection signals
- Gateway Enforcement — DNS-based policy enforcement
- Middleware Enforcement — Code-based policy enforcement
- Monitoring — Track policy effectiveness