Forum Discussion
Jason_64846
Nimbostratus
NimbostratusEnabling ASM for media content servers
Currently we have a group of servers that are all load balanced
thru LTM that are responsible for serving up all the images to a number of our websites. All the images resolve on their own separate media domain.
Example image element src would be the following on any of our main sites:
http://mediadomain.com/img.axd?id=AX234s3C
My main question here is basically what’s the best practice for protecting
these media servers?
Ideally we would
like to prevent scrapers from accessing this data.
However I don’t know if the web scraping detection
will work because I am not sure if the browser will be asking for image content and it could possibly
get back the JS challenge page. Which won’t be image content thus the browser
will probably just not serve the image back to the client and even worse flag a legit user as a scraper since the JS challenge was not responded too.
Is our only option in this case to turn on
ASM with web scraping off and also have DoS Prevention turned on?
I’m just curious how others may be
approaching this and what solutions seem to be working out the best. Any info
would be appreciated.
JamesS_40157Hi Jason,
I am by no means an ASM expert but I don't believe web scraping functionality would work here - i believe it relies on HTML pages to insert JS challenges and obviously won't be able to insert this into image content.
To protect scraping of content the way I see it is to have your content numbered randomly with no predictable syntax, and protect the pages that serve the content with the web scraping technology. Obviously that could require quite a bit of dev time and infrastructure changes internally!
Jason_64846Thanks for the input James. I am thinking along the same lines as you, in that ASM would probably not help us much other than in the event of a DOS attack.