Forum Discussion

Domai's avatar
Domai
Icon for Altostratus rankAltostratus
Jul 17, 2019

ASM BOT detetcion issue - white screen

Hello Guys I have a web application behind ASM the policy is configured to have Bot Detection Alarm and Block. So far so good. The issue is when the users access the application a particular "Show info" button opens up a pop up window and display's the user info. The users are getting white screen since the day I enabled Bot Detection. So I was using developer tools and looking at the body and I see the below error - 

<script type="text/javascript" src="/TSPD/0870622412ab2000ca4919f07d73102aeedfefad4817f0a4177ba7f5ec03894f000342aadc5505b8?type=12"></script>

<noscript>Please enable JavaScript to view the page content.<br/>Your support ID is: 112772715698977636648.</noscript>

</head><body>

The support ID is not been recorded in the "Event Logs". I opened up an F5 ticket and its not going anywhere...

I was wondering if anyone out there are experiencing the same issue and how to go about fixing this rather than just disable the Bot Detection.

I always thought any block by ASM would display the block page...in this case it does not, the end users just see the white screen.

Thank you.

application delivery
ASM Advanced WAF
  • morgan's avatar
    morgan
    Icon for Nimbostratus rankNimbostratus
    Jun 03, 2020

    Hello,

     

     

    I have the same issue but i dont find where it can block :

     

    1. <script type="text/javascript"src="/TSPD/xxxxtype=7"></script> ==> error 404

     

    <noscript>Please enable JavaScript to view the page content.<br/>Your support ID is:2863389210886531621.</noscript>

     

    </head><body>

     

     

    in "security => Event Logs : Bot Defense : Requests" i can find the ID but the request status is "legal" and the action is allow .

     

     

    The Browser return a blank page not the ID. I run on 13.1.1.5 too.

     

    thanks for your return, best regards

     

  • Erik_Novak's avatar
    Erik_Novak
    Icon for Employee rankEmployee
    Jul 17, 2019

    Which version of BIG-IP are you running? Also, it will be helpful to log bot defense activity, which does not show up in the Event Logs used to report application security policy activity. Create a custom logging profile, and be sure to enable bot defense:

     

    Then you can go to Event Logs : Bot Defense : Bot ReQuests to help isolate the problem.

     

    • Domai's avatar
      Domai
      Icon for Altostratus rankAltostratus
      Jul 17, 2019

      I am running 13.1.1.5, and I don't see the options that you shared on your screenshot.

      Above is what i see in version 13.1.1.5

       

       

      • Ivan_Chernenkii's avatar
        Ivan_Chernenkii
        Icon for Employee rankEmployee
        Jun 03, 2020

        Hello Domai,

         

        If I am not wrong you are talking about "Proactive Bot Defense" feature, which is enabled in your DoS profile.

        If this is so, then to see blocked requests you need to enable "Log Challenged Requests" in logging profile. Also, in addition, you can enable "Log Legal Requests" too.

         

        About issue in pop-up window... Do you use AJAX request for it? If this is so, then you need to enable "Single Page Application" in "General Settings" of your dos profile.

         

        Do you use only "Proactive Bot Defense" feature or you also use some other Client-Side features like "Web Scraping"?

        Is it expected that users of your application have disabled JavaScript?

         

        Thanks, Ivan