ASM BotNet Detection and Java Script

Question

We are trying to use ASM to block some Web Requests if they are from a Bot, or if volume gets too high.&nbsp;
Can someone explain when JavaScript enetrs the picture and if it interacts with the BotNet Detection parameters?&nbsp;
Specifically:
1) If JavaScript does not exist in the Browser or Bot Script, does that automatically classify the PC as a Bot.  Or, do the counters then kick in, such as Grace Period, Page Changes per time period, and only if the Page Changes are too high is s the PC blocked for the unsafe interval?&nbsp;
or&nbsp;
2)  If JavaScript does exist and can respond, does that mean the PC is automatically classified as not being a bot?    Or, even if there is a javascript response, are the botnet counters still used to try and see if it is a bot.   So, if there is a positive javascript response, if the PC exceeds the number of Page Changes per Interval, will it's traffic then be blocked?&nbsp;

waleed_osama_23 · Answer

I accidentally enabled Botnoet prevention on a virtual server that accepts both HTTP and non HTTP clients.
And they ended up being considered as a botnet attack.&nbsp;

Forum Discussion

ASM BotNet Detection and Java Script

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Unblock Request WAF

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Re: BIG-IP security hardening and compliance checks script

APM Optimisation Script

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS