Forum Discussion
Emil
Altocumulus
AltocumulusF5 Botdefense behind Cloudflare
Hi community,
Does anyone know how to fix botdefense protection profile when we have a setup Client > Cloudflare proxied > F5 AWAF.
It seems that botdefense matches the client browser as malicious bot all the time : Non-browser presenting as FireFox -Edge -Chrome.
GET / HTTP/1.1
Host: XXXXXX
Connection: Keep-Alive
CF-RAY: XXXXXXX
CF-Visitor: {"scheme":"https"}
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
dnt: 1
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
pragma: no-cache
cache-control: no-cache
cookie: XXXXXX
Bot Name Non-browser presenting as FireFox
Bot Class Malicious Bot
Bot Categories Browser Masquerading
I do not see the X-Forwarded; CF-Connecting-IP, CF-IPCountry: headers in the blocked request. I guess it is not showing them when connection is blocked.
Regards.
I found the solution to my problem. In case someone else is having the same issue.
https://support.f5.com/csp/article/K58581034?utm_source=f5support&utm_medium=RSS
- James_Jinwon_Lee
Employee
Please check whether your configuration is related to the below k article.
https://support.f5.com/csp/article/K07408554
EmilHi James,
Thanks for the suggestion. It seems a different scenario. We have suspicious with CAPTCHA and malicious are set to block.
Also the API setting is disabled as per the default config for relaxed bot defense profile.Regards,
Emil- Emil
I found the solution to my problem. In case someone else is having the same issue.
https://support.f5.com/csp/article/K58581034?utm_source=f5support&utm_medium=RSS
