Forum Discussion
Mohanad
Cirrostratus
CirrostratusHow to implement Device ID+ with BIG-IP ASM/AWAF
Hello Everyone, I'm trying to test out Device ID+ with BIG-IP AWAF, I followed this: Click here for more information on comprehensive BIG-IP iApp deployment and configuration options. i confi...
Daniel_Wolf
MVP
MVPHow do you want to identify a bot by only looking at diA? You would need to have a list of known good identifiers (maybe all devices belonging to your company?) and then make an iRule action based on this list.
Or you could store Device ID+ identifiers and build a custom solution that would, for example, rate limit this device, or block the device if it appears from different geolocations within unreasonable time (now in USA, 10 seconds later in Sweden or so).
What I want to say is, that the device identifier from DID+ does not mean anything to Bot Defense. You will have to build a custom solution and "business logic" around it.
Daniel_WolfMVP
MVPYou can follow along this video of Matthieu Dierick from F5:
https://www.youtube.com/watch?v=PVYwh76nGVE&t=10s
In his Github Repo (https://github.com/MattDierick/DeviceID-api-server) you can take a closer look at his solution.
However he is using APM, not AdvWAF.
He build an API to store information about the user and the diA and diB. You can either use his API or build a similiar one with https://loopback.io/.
The big missing piece is how to store the diA and diB in this API with AdvWAF instead of APM. Be creative :)