Forum Discussion

Altostratus

Dec 05, 2023

F5 ASM | Bot Signature

Hi! I need to create a signature based in more than one header in the request payload. I see some articles about the bot signatures and if i understand correctly the signature only work for the User...

security

Daniel_Wolf

MVP

Dec 05, 2023

Hi tpimpao,

seems you are right. Testing with 16.1 and 17.1 the "Advanced Mode" only allows the following tags:

headercontent (cannot be used without useragentonly)
uricontent

Other options and modifiers (as documented in https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/signature-syntax.html) do not work.
Please read also: BIG-IP Application Security Manager: Attack and Bot Signatures > Writing Custom Bot Signatures

You could write an iRule, that will check for multiple headers or others attributes of the HTTP request and then block the request.

KR,
Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 ASM | Bot Signature

Recent Discussions

Upgrade F5 BIGIP

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

Related Content

BoT Defense Profile, Signature Enforcement

Bot Management Strategy - Defense against malicious bots with F5 Distributed Cloud Bot Defense

Customized Bot Signature not working

Proactive Bot Defense Bypass by Bot Signature

F5 AWAF/ASM Bot protection custom signature does not allow the traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS