Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Per_A_236144's avatar
Per_A_236144
Icon for Nimbostratus rankNimbostratus
Apr 20, 2017

Use of captcha without Proactive Bot Defense enable

Hi We will like to use the captha on URI's we test for in a datagroup in a Irule. Can we do that without the use of a DOS profile with Proactive Bot Defence enable? set res [BOTDEFENSE::action...
application delivery
ASM Advanced WAF
irules
Per_A_236144's avatar
Per_A_236144
Icon for Nimbostratus rankNimbostratus
Apr 20, 2017

Hi

I have a virtual server with DOS profile without Pro Active Bot Defence and a ASM policy. There is a http profile on.

My irule I test with:

when HTTP_REQUEST {
    log local5. "Before captcha_challenge" 
    set res captcha_challenge
    if {$res ne "ok"} {
        log local5. "Unable to send captcha_challenge: "
    }
    log local5. "After captcha_challenge"    
}

From log:

: Before captcha_challenge
: Unable to send captcha_challenge:
: After captcha_challenge

But there is no captcha challenge as I was hoping for.

When using Pro Active Bot Defence I can get it to work, but the javascript do not fit to our web site so nice and it also stop Internet explore version 11 to stop in InPivate mode.

: resulting action tcp_rst reason "suspicious browser"