web scraping

Yes, it is possible to customize the blocking response page. In v14 and later, web scraping is a microservice within the bot defense profile. You can customize the response on the general settings page of the bot defense profile. Click the Custom tab as shown here and then edit and preview the response.

Yes it is! In v13, web scraping is configured under Anomaly Detection. After you configure the desired thresholds, go to Security > Application Security > Policy > Response Pages. You can build a custom response page there in exactly the same way. Does this help?

I see. You will need to write an iRule for that. The iRule below should work--but you will need to find the exact name of the web scraping violation (I don't know it off the top of my head) and then add it to the iRule. Then make sure you enable iRule processing on the security policy.

Something like this:

when ASM_REQUEST_BLOCKING {

    if { [lindex [ASM::violation_data] 0] contains "WEB_SCRAPING_DETECTED" } {

    log local3. "WEB_SCRAPING_DETECTED"

    set response "<html><head><title>Your Page Title Here</title></head><body>Your message text here.</body></html>"

    ASM::payload replace 0 [ASM::payload length] ""

    ASM::payload replace 0 0 $response

    set asm_payload_length [ASM::payload length]

  }

}

when HTTP_RESPONSE_RELEASE {

  if { [info exists asm_payload_length] }{

    if {$asm_payload_length > 0} {

      HTTP::header remove Content-Length

      HTTP::header insert Content-Length $asm_payload_length

    }