Forum Discussion
PowerShellDon_1
Jan 28, 2016Nimbostratus
ASM - Proactive Bot Defense - No Logs?
Hi all
I have a Virtual Server with an Application Security and DoS Profile applied to it.
The DoS profile just contains Proactive Bot Defense, Always On. Other features of DoS profile are off.
...
jba3126
Jun 21, 2018Cirrus
I have the following iRule that at least the browser detection is working; however I'm uncertain as to how to test the tcp_rst action.
when BOTDEFENSE_ACTION {
if { [BOTDEFENSE::action] eq "browser_challenge" || [BOTDEFENSE::action] eq "tcp_rst" } {
set log "BOTDEFENSE:"
set hsl [HSL::open -proto TCP -pool /Common/HSL-Syslog]
append log " source [IP::remote_addr]"
append log " vs [virtual]"
append log " host [HTTP::host]"
append log " uri [HTTP::uri]"
append log " cs_possible [BOTDEFENSE::cs_possible]"
append log " cs_allowed [BOTDEFENSE::cs_allowed]"
append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
append log " cookie_status [BOTDEFENSE::cookie_status]"
append log " cookie_age [BOTDEFENSE::cookie_age]"
append log " device_id [BOTDEFENSE::device_id]"
append log " captcha_status [BOTDEFENSE::captcha_status]"
append log " captcha_age [BOTDEFENSE::captcha_age]"
append log " default action [BOTDEFENSE::action]"
append log " reason \"[BOTDEFENSE::reason]\""
Remove comment on line below if you want to see bot defense logs in /var/log/ltm
log local0. $log
HSL::send $hsl $log
}
}
/jeff
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects