Behavior-Based Web Protection
MacroKeeper
Block abnormal request behavior at the web layer before load reaches the WAS.
MacroKeeper analyzes URL call frequency, POST request patterns, SMS verification requests, signup-to-login flow, and automation-tool access to detect request behavior that is difficult for a human user to perform.
MacroKeeper can start as a lightweight operating tool without heavy security appliances or a required database. When needed, it can expand into a web management console, multi-server management, log database, history search, and statistics.
Behavior-Based Detection
Behavior-based detection reduces real operational damage
It does not only count requests. It evaluates service flow and time intervals, then blocks automation patterns that move faster or repeat more heavily than normal users.
SMS verification abuse
Defends against repeated SMS send API calls that increase messaging cost.
Automated signups
Detects signup screen, SMS request, and signup completion flows that happen too quickly for humans.
Login and API lookup after signup
Limits automation that signs up, logs in immediately, and repeatedly calls key lookup APIs.
Reservation/application macros
Blocks excessive repeated hits to reservation, application, and event URLs right after opening time.
Lookup API abuse
Limits repeated calls to member, civil-service, order, or status lookup APIs.
Automation-tool access
Identifies tool-based access such as curl, wget, Python, axios, Postman, and similar clients.
MacroKeeper looks for speed that is hard for humans
Protection Policies
Apply protection by business URL and request type
Per-URL policy
Apply separate rules to event-open URLs, reservation registration URLs, and lookup APIs. For example, /reserve/open can use strict repeated-access limits while general information pages remain lightly controlled.
POST request protection
Login, verification, signup, payment, and registration APIs create more risk than simple page views. If the same source repeats verification requests or calls key APIs immediately after signup, it becomes a strong restriction candidate.
SMS verification protection
Repeated SMS send APIs create direct cost and service delay. MacroKeeper reduces repeated verification requests before they reach the WAS and SMS provider.
Automation-tool detection
Identify curl, wget, Python, axios, node-fetch, aiohttp, Postman, and other non-browser access patterns. The decision combines business URL, request speed, and repetition instead of relying on a single header.
Server network-layer block
Blocking after the application processes the request is too late. MacroKeeper organizes abnormal sources by IP or range and restricts them at the web layer to reduce WAS, DB, and external API load.
Automatic release
Permanent blocking creates operational risk. Policy durations such as 5 minutes, 30 minutes, or 1 hour reduce long-term false-positive damage and manual release work.
Before and after adoption
Before MacroKeeper
- Operators find the cause after WAS load rises.
- SMS cost increases are discovered after the event.
- IP block and release are handled manually.
- Policy state can diverge across redundant servers.
- Log review and customer-response work take time.
After MacroKeeper
- Abnormal requests are blocked first at the web layer.
- SMS verification abuse and automation are limited quickly.
- Blocks are released automatically after policy timeout.
- Policies and block state can be applied across multiple servers.
- Operators can review block reasons and history in management screens.
Applicable web-server environments
MacroKeeper can be applied to web-server-based services such as Apache, Nginx, and WebtoB by using request logs and request flow. It is not tied to a single vendor product and is designed to protect the WAS from the web layer.
Start lightweight, expand to centralized management
MacroKeeper supports text-console operation for lightweight use. Policy search, add/delete, testing, and block-history review can work without a separate web server or required database. As operations grow, it can expand to a web console, multi-server management, log database, statistics, and reports.
Lightweight standalone operation
Operate with a text console without requiring a separate web server or database for the protection tool itself.
Web console operation
Review policies, change settings, inspect history, and check per-server application state.
Centralized management
Expand into multi-server management, log database, statistics, and scheduled reports.