Forum Discussion
Why does the Local Traffic policy allow Bot profile to be selected but the iRule can't ?
- Oct 13, 2022
Two things:
- You need to have a profile applied to a VIP to engage that HUD filter. From there you can programmatically enable/disable the profile.
- The error in the iRule indicates that BOTDEFENSE::enable doesn't take an extra parameter. It just enables the attached BD profile. An LTM policy can uniquely select and apply a BD profile.
Two things:
- You need to have a profile applied to a VIP to engage that HUD filter. From there you can programmatically enable/disable the profile.
- The error in the iRule indicates that BOTDEFENSE::enable doesn't take an extra parameter. It just enables the attached BD profile. An LTM policy can uniquely select and apply a BD profile.
- Nikoolayy1Oct 14, 2022MVP
Kevin to the rescue. Thanks and I tested it and it works fine. The bot defence has better whitelist based on url and/or Ip address not just ip address as the DOS profile but to stop a specific protection for API traffic based on HTTP header like Browser valudation and Device ID was not possible and started doing the irule below but the one that unblocks the client side challenge and it is suggested at https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_possible.html is wrong for me (the one irulefor deviceid is ok) as if the API traffic can't reply to javascript and this irule will not block it but this will also unblock it for every bot violation that will trigger TCP RST if I am not wrong or maybe as the other Bot violations returns support id web page maybe they will not match the tcp_rst.
Still thanks again!
https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_possible.html
https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_attribute.html
# EXAMPLE: Prevent blocking of requests that cannot be responded with a # client-side challenge. when BOTDEFENSE_ACTION { if { ([BOTDEFENSE::action] eq "tcp_rst") && (not [BOTDEFENSE::cs_possible])} { BOTDEFENSE::action allow } }
when BOTDEFENSE_REQUEST { BOTDEFENSE::cs_attribute device_id enable }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com