Proactive Bot Defense Using BIG-IP ASM
@Piotr and @zack, thanks for the questions about the "Grace Period" and the "Grace Interval". Admittedly, these two terms are very similar, but they are not exactly the same thing.
To be specific, the "Grace Interval" is a setting in the ASM for Anomaly Detection >> Web Scraping, and the "Grace Period" is a setting in the DoS profile of the ASM.
The "Grace Interval" is measured in number of requests (default is 100), and this is the maximum number of page requests that the ASM will review while it determines if the client is a bot or a human. During this period, the ASM can figure out if the client is a bot or a human, and as soon as it does, it switches to either the "Safe Interval" if it determines the client is human, or the "Unsafe Interval" if it determines the client is a bot. So, it's true to say that the ASM is trying to detect if the client is a bot during this "Grace Interval" number of requests.
Now, to "Grace Period"...this is a setting in the "Proactive Bot Defense" section of the DoS profile in the ASM, and it is measured in seconds, not requests. This "Grace Period" is the amount of time the ASM allows a client to load web pages (with both HTML and non-HTML) without being blocked. Here's when the "Grace Period" starts:
- after client validation
- after a configuration change
- when Proactive Bot Defense is activated as a result of a detected attack or high latency
During the "Grace Period" the ASM is not checking to see if the client is a bot or not.
I hope this helps!