cancel
Showing results for 
Search instead for 
Did you mean: 

Enable Bot Defense profile in irule

Firat_Y
Nimbostratus
Nimbostratus

Hi,

 

I wanna change my current bot defense profile in a specific condition(like during DDOS attack) via iRule. I don't want to use LTM policy. Do you have any idea?

1 REPLY 1

Brad_Scherer
F5 Employee
F5 Employee

Hello Firat,

What are you changing the profile from and to during the attack? I'd like to understand a little more about the use case. 

You do have a few options. One thing to keep in mind is that the bot profile operates at L7. At F5, DDoS is considered volumetric Layer 4 and is handled by the DoS profile that comes with AFM. There are no iRule commands associated with L4 DoS since many of the vectors are mitigated in our FPGA hardware on supported systems. iRules can not be invoked from DDoS events at that level.

Advanced WAF/ASM comes with a L7 DoS profile and a separate Bot profile both of which can be applied to virtual servers. The L7 DoS profile has several scopes from both a client and server-side perspective and can even pick up distributed attacks. You can find all the available DOSL7 and BOTDEFENSE iRule commands here

Brad