Forum Discussion
Nikoolayy1
MVP
MVPF5 AWAF/ASM Bot protection custom signature does not allow the traffic
Hello To All,
I wanted to enable "curl" for a customer just to particular URL and I made custom Bot Signature that matches the "curl" for User-Agent and has the URL and it is using Custom Categ...
Hi Nikoolayy1,
Bot Defense will prefer it's own curl signature over your custom signature.
iRule is the way.Funny note on the side - in September or October I had the exact same issue and got the answer from an F5 engineer... from Spain if I'm not mistaken. Can't find my notes from back then right now.
KR
Daniel
Daniel_WolfMVP
MVPHi Nikoolayy1,
Bot Defense will prefer it's own curl signature over your custom signature.
iRule is the way.
Funny note on the side - in September or October I had the exact same issue and got the answer from an F5 engineer... from Spain if I'm not mistaken. Can't find my notes from back then right now.
KR
Daniel
- Nikoolayy1
Thanks for confirming what I suspected Daniel_Wolf but it is still funny 😁
Also too bad the Local traffic policies can only be used to change or disable the Bot profile for a URL and not just to bypass for specific signature as they only work for the HTTP_REQUEST event and not the Bot events after that as I wanted to make the life of my customer easier. I know one of the small F5 experts that likes the Local policies but just don't kill me with stones 😃
It is funny how I did write the iRule after testing this on 15.1x and 16.1x and I was going to make a code share post and I saw the post was made a long time ago about with version 13.x.
- Daniel_Wolf
For the sake of completeness, I found my notes on that matter.
If the BIG-IP finds more than one signature matching the request, it will enforce the more severe action.
