Proactive Bot Defense Using BIG-IP ASM

Bots are everywhere.  Some of them are nice, desirable bots; but many of them are not.  By definition, a bot is a software application that runs automated tasks (scripts) over the Internet.  The desi...
Updated Jun 06, 2023
Version 2.0
ASM Advanced WAF
bot
security
ltwagnon's avatar
ltwagnon
Ret. Employee
Jan 24, 2018

Hi zack...great questions! As you mentioned, the ASM can detect if a browser is "suspicious" but the question, of course, is "how does it do that?"

 

While the very specific details are in the secret sauce, I can tell you that suspicious browser checks are related to:

 

  • Browser spoofing (a browser claiming to be something it is not)
  • Detecting malicious browsers/automation – such as TOR, Selenium etc.
  • Suspicious behavior such as no flash support, no history, etc.

All of these checks have internal scoring mechanisms which ultimately lead to a value. If the value crosses a certain threshold, the browser is considered suspicious; if it crosses an even larger threshold, it is considered malicious.

 

I hope this helps!