For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Sep 07, 2017

ASM bot detection

Folks   I have requirement to enable bot detection in F5 ASM policy for my application access via only mobile browsers or PC browsers not through mobile app, how i can avoid false positive here wh...
application delivery
ASM Advanced WAF
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Oct 18, 2017

You need to have 2 separate ASM policies - one for browsers and a separate one for the smartphone app. The browser policy will have full bot detection features enabled and the smartphone app policy will have JavaScript-requiring options in bot/anomaly detection switched off and relying more on IP-based anomaly detection features of ASM.

 

I assume you already have a separate Virtual Server for the mobile app, but if not then you can easily route the incoming traffic to two different ASM policies depending on the User-Agent header using Local Traffic Policy.

 

Hope this helps,

 

Sam