Forum Discussion

MVP

Oct 13, 2022

Why does the Local Traffic policy allow Bot profile to be selected but the iRule can't ?

When I attach DOS and BOT profiles with local traffic policy or iRule I always need a default BOT and DOS profile even when I have a default rule that catches all the traffic. That is one thing but t...

Kevin_Stewart
Oct 13, 2022
Two things:

You need to have a profile applied to a VIP to engage that HUD filter. From there you can programmatically enable/disable the profile.

The error in the iRule indicates that BOTDEFENSE::enable doesn't take an extra parameter. It just enables the attached BD profile. An LTM policy can uniquely select and apply a BD profile.

Kevin_Stewart

Employee

Two things:

You need to have a profile applied to a VIP to engage that HUD filter. From there you can programmatically enable/disable the profile.
The error in the iRule indicates that BOTDEFENSE::enable doesn't take an extra parameter. It just enables the attached BD profile. An LTM policy can uniquely select and apply a BD profile.

Nikoolayy1

MVP

Oct 14, 2022

Kevin to the rescue. Thanks and I tested it and it works fine. The bot defence has better whitelist based on url and/or Ip address not just ip address as the DOS profile but to stop a specific protection for API traffic based on HTTP header like Browser valudation and Device ID was not possible and started doing the irule below but the one that unblocks the client side challenge and it is suggested at https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_possible.html is wrong for me (the one irulefor deviceid is ok) as if the API traffic can't reply to javascript and this irule will not block it but this will also unblock it for every bot violation that will trigger TCP RST if I am not wrong or maybe as the other Bot violations returns support id web page maybe they will not match the tcp_rst.

Still thanks again!

https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_possible.html

https://clouddocs.f5.com/api/irules/BOTDEFENSE__cs_attribute.html

# EXAMPLE: Prevent blocking of requests that cannot be responded with a
 # client-side challenge.
 when BOTDEFENSE_ACTION {
     if {    ([BOTDEFENSE::action] eq "tcp_rst") &&
             (not [BOTDEFENSE::cs_possible])} {
         BOTDEFENSE::action allow
     }
 }

 when BOTDEFENSE_REQUEST {
     BOTDEFENSE::cs_attribute device_id enable
 }

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Why does the Local Traffic policy allow Bot profile to be selected but the iRule can't ?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Selective mutual authentication by HTTP::Host

Logging TLS traffic less than TLSv1.2

Traffic Shaping and Atlassian Jira

Selective SNAT problem

ASM Logging profile w/ Remote Storage

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS