F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

tpimpao's avatar
tpimpao
Icon for Altostratus rankAltostratus
Dec 05, 2023

F5 ASM | Bot Signature

Hi! I need to create a signature based in more than one header in the request payload. I see some articles about the bot signatures and if i understand correctly the signature only work for the User...
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Dec 05, 2023

Hi tpimpao,

seems you are right. Testing with 16.1 and 17.1 the "Advanced Mode" only allows the following tags:

  • headercontent (cannot be used without useragentonly)
  • uricontent

Other options and modifiers (as documented in https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/signature-syntax.html) do not work.
Please read also: BIG-IP Application Security Manager: Attack and Bot Signatures > Writing Custom Bot Signatures 

You could write an iRule, that will check for multiple headers or others attributes of the HTTP request and then block the request.

KR,
Daniel