For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tpimpao's avatar
tpimpao
Icon for Altostratus rankAltostratus
Dec 05, 2023

F5 ASM | Bot Signature

Hi! I need to create a signature based in more than one header in the request payload. I see some articles about the bot signatures and if i understand correctly the signature only work for the User...
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Dec 05, 2023

Hi tpimpao,

seems you are right. Testing with 16.1 and 17.1 the "Advanced Mode" only allows the following tags:

  • headercontent (cannot be used without useragentonly)
  • uricontent

Other options and modifiers (as documented in https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/signature-syntax.html) do not work.
Please read also: BIG-IP Application Security Manager: Attack and Bot Signatures > Writing Custom Bot Signatures 

You could write an iRule, that will check for multiple headers or others attributes of the HTTP request and then block the request.

KR,
Daniel