Forum Discussion
AltocumulusF5 BOT DEFENSE AWAF blocked some legitimate browsers
Hi Community,
May I ask if F5's AWAF Bot Defense is still not being refined cause it causes some request from browsers to log it as a Malicious Bot, and therefore, this causes to block the request? May I ask what is the best practice for implementing the BOT defense feature?
Thank you and have a nice day!
Regards,
Zeigfred
fred_zeig77 hello Here are a couple things to look at that may help answer your questions.
As for is it still being defined(updated) yes as a Security module it is updated with new attack signatures
For your second question about a Best Practices for implementing the Bot Defense.This article should help with that.
Configuring Bot Defense
Some further things you can check on
K58581034: Bot defense blocks traffic with anomaly ''Invalid HTTP Headers Presence or Order''If you are still having trouble, I would suggest reaching out to our Support engineers to assist.
2 Replies
- Jmtaylor
Moderator
fred_zeig77 hello Here are a couple things to look at that may help answer your questions.
As for is it still being defined(updated) yes as a Security module it is updated with new attack signatures
For your second question about a Best Practices for implementing the Bot Defense.This article should help with that.
Configuring Bot Defense
Some further things you can check on
K58581034: Bot defense blocks traffic with anomaly ''Invalid HTTP Headers Presence or Order''If you are still having trouble, I would suggest reaching out to our Support engineers to assist.
fred_zeig77Oh Thank you for these links, sir!
I read it and saw the part that it requires the F5 device to have DNS resolver configured. Is this a necessity for the whole function to work properly or just some other features of BOT defense cause it is the practice of our client to disallow any dns lookups from their DMZ server environment? Maybe that is why I got false positives in bot defense?
