ASM blocks clients that don't accept cookies

In reading the notes about the grace interval it sounds like it uses those request to see if it can determine you to be human if in 200 requests it cannot determine that then you get blocked. However, I think you are not getting the grace interval applied to you because you are not allowing cookies to be set, which is a requirement for Web Scraping to work properly. The ASM is probably just automatically marking you bad because you are not allowing the cookies because it needs those to use the grace period to determine if you are human or not.

 

 

As far as why did ASM ignore your white list, I am not sure. If you entered the correct IP and subnet of your client then I would assume it would not apply web scraping detection to you. I am not sure if the cookie not being set would throw everything off for web scraping, but in case of simple IP white listing I would not think so. You might want to open a support case on that particular piece and get them to look at it for you. If you do open a case please post your finding back to this thread.

 

 

Mike