For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mrsy_201754's avatar
mrsy_201754
Icon for Nimbostratus rankNimbostratus
Aug 11, 2015

Bot protection for client application that doesn't use cookies

Hello all,

 

We have a REST API that doesn't use/accept any cookies. API is accesses from a domain like abc.com/api. All the data is sent and received as JSON. The application owners wish to utilize web-scraping protection on F5. From what I see in the F5 documentation, web scraping protection is possible with TS cookies. Is there an alternative/workaround for this kind of situation?

 

Thanks in advance

 

ASM Advanced WAF
security

1 Reply

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Aug 13, 2015

    Can you supply more details on how the API is invoked? What clients make requests to it, and how are those requests initiated?

     

    For instance, is the API accessed by servers or web clients (e.g. browsers)?