Forum Discussion
Jeremiah-Swanso
Nimbostratus
NimbostratusWeb Scraping Configuration
We would like some clarification on the F5 Web Scraping Application Security that we can't seem to find.
Does this block based on session or IP? If a bot is detected during the grace interval, a...
Jeremiah-SwansoNimbostratus
NimbostratusThanks for the reply, Nathan. I had noticed the "Persistent Client Identification" after I made this post. We currently don't have this set, but from reading the help information is sounds like its what we might want - "Specifies, when enabled, that you want the system to log and/or prevent attackers from circumventing web scraping protection by resetting sessions and sending requests. The default setting is disabled. This setting appears after Session Opening is set to Alarm or Alarm and Block."
We tried applying this to one of our security policies but it was causing issues with actual clients that should not be blocked so we had to disable it right away. We will need to get more information on this setting, and its subsequent settings to see what is the best way to have it configured so we can block scrapers from just opening new sessions and not affect users.
natheCirrocumulus
Thanks for the update. Be great if you could feedback what else you find in your testing