For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Anwar_csengg_25's avatar
Anwar_csengg_25
Icon for Nimbostratus rankNimbostratus
Mar 20, 2016

fix needed for ASM Web scraping attack

Dear Folks,   Here I am explaining the scenario what we are facing in our environment.   When user perform any activity in the applications, then Request is not going to the server. Requests ha...
ASM Advanced WAF
devops
security
Khay_164420's avatar
Khay_164420
Historic F5 Account
Mar 22, 2016

Hi Anwar,

 

I would strongly suggest you to first read this SOL: Web Scraping in 12.0 just to understand what Web scraping does and how the different features (bot detection, session opening, etc.) work.

 

Then, there are several ways to deal with these false positives:

 

  • Adjust the thresholds in the Web Scraping configuration
  • Whitelist the IP addresses in the Web Scraping configuration if there are well known IP addresses
  • Remove the blocking flag for this feature (the security policy will be weakened then)