Forum Discussion
ASM Captcha for registering page (not login page) - possible or APM modul needed?
- Jun 19, 2022
This is exactly why the Bot Profile is used but you play around and read more about the F5 Advanced WAF as then when you have played around and read about it if you issue that you can't solve then better to use the F5 community or the F5 TAC for help.
https://www.youtube.com/watch?v=zSw4boZmNBA
For F5 advanced waf :
https://www.f5.com/services/training/free-training-courses/getting-started-with-f5-advanced-waf
https://support.f5.com/csp/article/K85426947
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-getting-started.html
From what I have seen better not block the bad bots but to just drop the connection or use honey pot page and rate limit them as when you block they will simply start using another attacking bot tool and the game starts again. Also if your dev team has a bad application that does not send for example emails for confirmation for the registration then it is not ok as also when te bot uses an existing email better just say check your email for confimation and for existing account an email can be send informing them that they have already an account and so on.
This is exactly why the Bot Profile is used but you play around and read more about the F5 Advanced WAF as then when you have played around and read about it if you issue that you can't solve then better to use the F5 community or the F5 TAC for help.
https://www.youtube.com/watch?v=zSw4boZmNBA
For F5 advanced waf :
https://www.f5.com/services/training/free-training-courses/getting-started-with-f5-advanced-waf
https://support.f5.com/csp/article/K85426947
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-getting-started.html
From what I have seen better not block the bad bots but to just drop the connection or use honey pot page and rate limit them as when you block they will simply start using another attacking bot tool and the game starts again. Also if your dev team has a bad application that does not send for example emails for confirmation for the registration then it is not ok as also when te bot uses an existing email better just say check your email for confimation and for existing account an email can be send informing them that they have already an account and so on.
- DaliJun 24, 2022Altostratus
Thank you for the info / links, Nikoolayy1 !
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com