Forum Discussion
Nikoolayy1 I have bellow LTM policy on my VS:
for bw_botd I have these settings to accomodate the app:
and this to go more aggressively on the browser:
Btw I think enabling SPA does make it work more smoothly - thanks 🙂
I'm using 16.1.3.3.
And you have tested that something like curl, browser where cookies are or apache benchmark are blocked when accessing urls that are protected with bot profile that has "Verify After Access" and it is the javascript checks not the signatures that block them?
This can be seen in the traffic logs for bot or just opening browser and blocking it to accept cookies and you will see if you are truly blocked and you will also see the javascript message.
- Nikoolayy1Mar 14, 2023MVP
I am asking as I think on 16.1.3.2 I think that had seen the same limitation and this means that the identification and fingerprinting are little bit more limited and it could be related also to your issue as I think the fingerprinting is less accurate.
https://cdn.f5.com/product/bugtracker/ID703129.html
You can also update the Bot signatures just in case as many such issues are solved with signature upgrade.
Also the workarounds like modify sys db botdefense.suspicious_js_score value 60 or dosl7.browser_legit_min_score can be done till F5 maybe fixes the signatures.
https://cdn.f5.com/product/bugtracker/ID1029373.html
https://cdn.f5.com/product/bugtracker/ID699772.html
- lnxgeekMar 14, 2023MVP
Definitely some settings I will dig into.
Thanks yet again.