Behavior-Based Web Protection

MacroKeeper

Block abnormal request behavior at the web layer before load reaches the WAS.

MacroKeeper analyzes URL call frequency, POST request patterns, SMS verification requests, signup-to-login flow, and automation-tool access to detect request behavior that is difficult for a human user to perform.

Block before WAS loadDefend SMS verification abuseLimit repeated URL/API callsAuto block and auto releaseManage multiple servers
MacroKeeper behavior-based protection visual
Abnormal requests arriveRepeated SMS verification, automated signups, reservation macros, excessive API calls
MacroKeeper behavior detectionAnalyze web-server request flow, apply policy logic, select block candidates
Server network-layer blockBlock a single IP or range, then release automatically after policy timeout
WAS protectionReduce application-server load, SMS cost, and automated-access damage
01Detect first at the web layer
02Apply policy-based automatic blocking
03Release automatically after timeout
04Support console and web management

MacroKeeper can start as a lightweight operating tool without heavy security appliances or a required database. When needed, it can expand into a web management console, multi-server management, log database, history search, and statistics.

Behavior-Based Detection

Behavior-based detection reduces real operational damage

It does not only count requests. It evaluates service flow and time intervals, then blocks automation patterns that move faster or repeat more heavily than normal users.

SMS verification abuse

Defends against repeated SMS send API calls that increase messaging cost.

Blockable

Automated signups

Detects signup screen, SMS request, and signup completion flows that happen too quickly for humans.

Blockable

Login and API lookup after signup

Limits automation that signs up, logs in immediately, and repeatedly calls key lookup APIs.

Blockable

Reservation/application macros

Blocks excessive repeated hits to reservation, application, and event URLs right after opening time.

Blockable

Lookup API abuse

Limits repeated calls to member, civil-service, order, or status lookup APIs.

Blockable

Automation-tool access

Identifies tool-based access such as curl, wget, Python, axios, Postman, and similar clients.

Blockable

MacroKeeper looks for speed that is hard for humans

Signup accessSignup page or signup API call
SMS verification requestDetect abnormal repeated sending
Signup completionComplete signup immediately after verification
LoginRepeated login right after signup
Key API lookupExcessive calls immediately after service entry

Protection Policies

Apply protection by business URL and request type

Per-URL policy

Apply separate rules to event-open URLs, reservation registration URLs, and lookup APIs. For example, /reserve/open can use strict repeated-access limits while general information pages remain lightly controlled.

POST request protection

Login, verification, signup, payment, and registration APIs create more risk than simple page views. If the same source repeats verification requests or calls key APIs immediately after signup, it becomes a strong restriction candidate.

SMS verification protection

Repeated SMS send APIs create direct cost and service delay. MacroKeeper reduces repeated verification requests before they reach the WAS and SMS provider.

Automation-tool detection

Identify curl, wget, Python, axios, node-fetch, aiohttp, Postman, and other non-browser access patterns. The decision combines business URL, request speed, and repetition instead of relying on a single header.

Server network-layer block

Blocking after the application processes the request is too late. MacroKeeper organizes abnormal sources by IP or range and restricts them at the web layer to reduce WAS, DB, and external API load.

Automatic release

Permanent blocking creates operational risk. Policy durations such as 5 minutes, 30 minutes, or 1 hour reduce long-term false-positive damage and manual release work.

Before and after adoption

Before MacroKeeper

  • Operators find the cause after WAS load rises.
  • SMS cost increases are discovered after the event.
  • IP block and release are handled manually.
  • Policy state can diverge across redundant servers.
  • Log review and customer-response work take time.

After MacroKeeper

  • Abnormal requests are blocked first at the web layer.
  • SMS verification abuse and automation are limited quickly.
  • Blocks are released automatically after policy timeout.
  • Policies and block state can be applied across multiple servers.
  • Operators can review block reasons and history in management screens.

Applicable web-server environments

MacroKeeper can be applied to web-server-based services such as Apache, Nginx, and WebtoB by using request logs and request flow. It is not tied to a single vendor product and is designed to protect the WAS from the web layer.

Start lightweight, expand to centralized management

MacroKeeper supports text-console operation for lightweight use. Policy search, add/delete, testing, and block-history review can work without a separate web server or required database. As operations grow, it can expand to a web console, multi-server management, log database, statistics, and reports.

Lightweight standalone operation

Operate with a text console without requiring a separate web server or database for the protection tool itself.

Web console operation

Review policies, change settings, inspect history, and check per-server application state.

Centralized management

Expand into multi-server management, log database, statistics, and scheduled reports.

MacroKeeper detects abnormal behavior based on the actual request flow of customer services and blocks it at the web layer to reduce server load and operating cost.

Contact us