Forum Discussion

wish20's avatar
wish20
Icon for Altostratus rankAltostratus
Dec 05, 2023

Howto enable BIG-IP ASM client fingerprinting

Hi,

Can anyone tell me how to change the value of send-javascript-fingerprint to enabled

security bot-defense asm-profile ASM_policy1 {
app-service none
flags 0
inject-javascript disabled
send-brute-force-challenge disabled
send-javascript-challenge disabled
send-javascript-efoxy disabled
send-javascript-fingerprint disabled
}

  • try following from tmsh mode

     

    modify security bot-defense asm-profile ASM_policy1 send-javascript-fingerprint enabled

  • rburch's avatar
    rburch
    Icon for Nimbostratus rankNimbostratus

    I would also like a bit more clarification on what each line is?  Like are these settings in the GUI or are they only TMSH?

     

    security bot-defense asm-profile ASM_testpol {

    app-service none

    clientside-in-use disabled

    flags 0 

    inject-javascript disabled

    persistent-data-validity-period 

    send-brute-force-challenge disabled 

    send-javascript-challenge disabled <-- is this the browser challenge or?

    send-javascript-efoxy disabled <-- cannot find out what this is?

    send-javascript-fingerprint disabled <-- device ID .js?

  • rburch's avatar
    rburch
    Icon for Nimbostratus rankNimbostratus

    Does anyone know why this command (below) not work?  We replaced the ASM_policy1 with the name of the correct ASM policy but we cannot seem to enable anything?

    modify security bot-defense asm-profile ASM_policy1 send-javascript-fingerprint enabled

    • rburch's avatar
      rburch
      Icon for Nimbostratus rankNimbostratus

      I have realized this is command issues is due to the version of BIG-IP we are on 16 and this no longer works as it did with 14.  

  • try following from tmsh mode

     

    modify security bot-defense asm-profile ASM_policy1 send-javascript-fingerprint enabled