I'm building a service with API Gateway + Lambda that tracks email link clicks. The links inside the email lead to my endpoint, which gathers the click info and redirects to another URL. However, I'm detecting that in some cases, some software automatically clicks most of the links, probably to prevent phishing, and the usual suspect here is an antivirus. Since I'm targeting only real user clicks, I want to discard them, but I didn't find anything weird in the request headers. How would you check that the request comes from a non-user?

davids
If there was a difference then phishers could use that difference to avoid giving phishy content to the automatic antivirus system. Therefore it's in the antivirus's interest to make their requests look as normal as possible. – Douglas Leeder Oct 10 '16 at 14:34
1 Answer
In API Gateway settings, you can turn on CloudWatch logs to see all the request headers. Specifically, you can use $context and $input variables to log context variables like user-agent and source-ip, or log all the headers.
If the bots are using the exact same user-agent and set of headers, I do not see a way to distinguish them on the API Gateway side.

Balaji
Unfortunately we are already inspecting headers and we can't find any difference among all the requests – davids Oct 06 '16 at 12:02
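
A sketch of the logging the answer describes, done inside the Lambda function rather than through API Gateway's $context variables (added example, not code from the question or the answer). It assumes the Lambda proxy integration event layout; `LINKS`, `click_record`, `shape_counts` and `sample_event` are hypothetical names, and all sample values are constructed.

```python
import hashlib
import json
from collections import Counter

# Constructed link table (assumption); a fixed lookup avoids redirecting to
# an arbitrary URL taken from the request.
LINKS = {"a1": "https://example.com/landing"}

def click_record(event):
    """Pull source IP, user agent and header names from a proxy event."""
    identity = (event.get("requestContext") or {}).get("identity") or {}
    # Header names are case-insensitive, so lower-case them before comparing.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    names = sorted(headers)
    shape = hashlib.sha256("\n".join(names).encode()).hexdigest()[:12]
    return {
        "link_id": (event.get("queryStringParameters") or {}).get("id"),
        "source_ip": identity.get("sourceIp"),
        "user_agent": identity.get("userAgent") or headers.get("user-agent"),
        "header_names": names,
        "header_shape": shape,  # same set of header names -> same value
    }

def handler(event, context):
    """Log the click as one JSON line, then redirect to the stored target."""
    record = click_record(event)
    print(json.dumps(record, sort_keys=True))  # Lambda stdout -> CloudWatch Logs
    target = LINKS.get(record["link_id"])
    if target is None:
        return {"statusCode": 404, "body": "unknown link"}
    return {"statusCode": 302, "headers": {"Location": target}, "body": ""}

def shape_counts(records):
    """Count clicks per (user agent, header shape) pair."""
    return Counter((r["user_agent"], r["header_shape"]) for r in records)

def sample_event(headers, ip="203.0.113.7", link_id="a1"):
    """Constructed proxy-integration event for local runs."""
    ua = next((v for k, v in headers.items() if k.lower() == "user-agent"), None)
    return {
        "headers": headers,
        "queryStringParameters": {"id": link_id},
        "requestContext": {"identity": {"sourceIp": ip, "userAgent": ua}},
    }
```

If every logged click falls into a single (user agent, header shape) group, the headers carry no signal, which is the situation the thread reports.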