For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

garrett's avatar
garrett
Icon for Nimbostratus rankNimbostratus
Oct 06, 2021

Bot protection "Browser Verification" results/experience

I am just wondering what everyones user experience has been with "Browser Verification" when enabling anything other than then the defaults via any Bot Protection profile.   For instance if I ha...
ASM Advanced WAF
security
Romain_SALMON's avatar
Romain_SALMON
Icon for Altostratus rankAltostratus
Feb 07, 2024

Hello,

The presence of the “X-Requested-With: XMLHttpRequest” header indicates that the request is sent by an AJAX call which explains this malfunction. Indeed, javascript originally of this call is not capable of responding to the challenge sent by the F5 gateway. 

 

The only way was to change the LTM policy configured : FOR AJAX CALLS

If http header named X-Requested-With exists at request then enable asm and disable botdefense.

FOR API RESTful or SOAP : 

IF http header full string named Content-Type contains any of json /XML at request

enable asm and disable botdefense at request time.

 

Nevertheless, this exception can open access to scrappers... So i still didn't do it.

Have a great day,