F5 ASM User Agent handling

Question

Hello Experts,&nbsp;&nbsp;How to allow user-agents (Example : mogilla, ucf, any custom user agent, android browser) on F5 ASM if it is blocked by ASM.&nbsp; We checked some articles where it is suggested to block the user agent via iRule. but in our case we want to control the same through ASM itself.&nbsp;Rgds&nbsp;

danskow · Answer

Hello,The options are:iRule to drop requests. If you want to keep track of how many requests are dropped by the iRule, you can create a Statistics profile that increments by 1 every time the iRule event is triggered. I can post more details about this if you want, but I do this for a different situation and have a cron job that logs the amount of hits each day, then resets the counter.Create a custom ASM Attack Signature for "Matched Element Header, Matched Criteria &lt;custom user agent&gt;"&nbsp;Create a custom Bot Signature for "User Agent contains &lt;custom user agent&gt;"&nbsp;Whatever option you choose, make sure you test it in a dev environment first, or an attack signature set that is only set to alarm.&nbsp;

eagertolearn · Answer

Hi All,&nbsp;&nbsp;Requesting If anyone can reply.

eagertolearn · Answer

Thanks Dan

Forum Discussion

F5 ASM User Agent handling

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Update your DevCentral user profile

iRules LX Sideband Connection - Handling timeouts

User-Agent Irule to avoid APM policy

User access to servers

Custom attack signature syntax for multiple user agents

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS