ASM bot detection

Question

Folks&nbsp;
I have requirement to enable bot detection in F5 ASM policy for my application access via only mobile browsers or PC browsers not through mobile app, how i can avoid false positive here which detect by ASM.
I understand that f5 inject java script in order to verify client integrity, what is the best practice here to achieve my goal.  
&nbsp;
any input appreciated.&nbsp;

dfff_314403 · Answer

ErkkiS, won't this defeat only primitive bots? &nbsp;

samstep · Answer

You need to have 2 separate ASM policies - one for browsers and a separate one for the smartphone app. The browser policy will have full bot detection features enabled and the smartphone app policy will have JavaScript-requiring options in bot/anomaly detection switched off and relying more on IP-based anomaly detection features of ASM. &nbsp;
I assume you already have a separate Virtual Server for the mobile app, but if not then you can easily route the incoming traffic to two different ASM policies depending on the User-Agent header using Local Traffic Policy. &nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

Forum Discussion

ASM bot detection

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

Bot Management Strategy - Defense against malicious bots with F5 Distributed Cloud Bot Defense

Proactive Bot Defense Using BIG-IP ASM

More Web Scraping - Bot Detection

Ridiculously Easy Bot Protection: How to Use BIG-IP APM to Streamline Bot Defense Implementation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS