Forum Discussion
F5 Advanced WAF/ASM and Shape intergration is the AWAF Bot defense profile still needed?
- Oct 06, 2022
Double-checked. Also, to clarify, definitely not a mirror. Load balanced proxies is probably the best way.
I have read somewhere that for login web pages/URL and sign-up (account creation web pages) then it is much better to use Shape security but there is not much info if the Advanced WAF bot profile or the Shape security should be used for the other pages. Maybe where we want CAPTCHA (not that advanced bots don't bypass that 🙂 ) the Advanced WAF is needed as Shape can't do that but I am just guessing:
https://support.f5.com/csp/article/K42323285
For now I will see it till someone shares more info that more important URL pages like login web pages/URL and sign-up pages to use Shape if the customer wants shape but to maybe pay less and if the custome has no issue to use Shape for everything then only use the Bot profile for the CAPTCHA if it is a requirement.
I am refering to this web page but it is not from F5 and it was made in 2020 but is still a great article:
https://wtit.com/f5-advanced-waf-and-shape-layered-security-is-best/
This is a great question!
So, as someone who sold this stuff for 12 years - both BIG-IP and XC, I can tell you this: Shape is the Cadillac. You will see f5 strive to offer same services everywhere, though. Today, BIG-IP's best Bot option seems to be AWAF Bot defense profile. XC has its own Bot defense.. same signatures as AWAF. Shape is an upgrade option to both AND SHOULD BE USED IN LIEU OF, because of the AI / ML component. Shape is far from a signature based bot defense. Not every customer feels they need that much dynamic bot defense, so we are simply striving to offer options. If you are using Shape for bot, though.. sure turn off the AWAF bot piece. Of course.. the rest of AWAF is genius and should still be used for day to day usage understanding.
- Nikoolayy1Oct 05, 2022MVP
Thanks for the great information. Can I ask just one more thing? The F5 Big-IP and Shape integration can also handle API traffic where javascript can't be inserted by mirroring the traffic from the BIG-IP to the Shape servers right? Similar to the Bot Protection Profile "Challenge-Free Verification" that can be used for API traffic without the injection of a javascript if I am not wrong.
- AubreyKingF5Oct 05, 2022Moderator
I believe so, yes. I'm double-checking to be sure.
And yes. Shape can be load balanced for on-prem / high performance type situations.
- AubreyKingF5Oct 06, 2022Moderator
Double-checked. Also, to clarify, definitely not a mirror. Load balanced proxies is probably the best way.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com