ASM Captcha for registering page (not login page) - possible or APM module needed?

Dali
Altostratus

Hello,

I need to use the ASM Captcha feature for the registering page - it means Captcha is active/visible from the first client attempt/access of the registering page to prevent robots from creating accounts. (The application is not compatible with Google reCAPTCHA, so I am trying to find a substitute for it.)

Is it needed to use Captcha feature via APM (not ASM)?

OR

the use of ASM Bot defense can help with this?

Thank you for advice in advance,

Dalibor

1 ACCEPTED SOLUTION

This is exactly why the Bot Profile is used, but you should play around and read more about the F5 Advanced WAF; then, once you have played around and read about it, if you have an issue that you can't solve, it is better to use the F5 community or the F5 TAC for help.

https://community.f5.com/t5/technical-articles/http-brute-force-mitigation-playbook-bot-profile-for-...

https://community.f5.com/t5/technical-forum/what-is-f5-asm-conviction-and-can-it-be-used-for-configu...

https://www.youtube.com/watch?v=zSw4boZmNBA

For F5 Advanced WAF:

https://www.f5.com/services/training/free-training-courses/getting-started-with-f5-advanced-waf

https://support.f5.com/csp/article/K85426947

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-getting-started.html

From what I have seen, it is better not to block the bad bots but to just drop the connection or use a honeypot page and rate limit them, as when you block they will simply start using another attacking bot tool and the game starts again. Also, if your dev team has a bad application that does not send, for example, emails for confirmation of the registration, then it is not OK, as also when the bot uses an existing email it is better to just say "check your email for confirmation", and for an existing account an email can be sent informing them that they already have an account, and so on.

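As an added example that is not part of the original post and not F5 code: an application-side sketch in Python of the registration behaviour described in the accepted answer, returning the same reply whether or not the address already has an account and rate limiting each client. The `Registrar` class, its limits, and the mail template names are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

GENERIC_REPLY = "Check your email for confirmation."
WINDOW_SECONDS = 60  # assumed rate-limit window
MAX_ATTEMPTS = 3     # assumed registration attempts per client per window


class Registrar:
    """Hypothetical registration backend sitting behind the WAF."""

    def __init__(self, clock=time.monotonic):
        self.accounts = set()   # confirmed e-mail addresses
        self.pending = set()    # addresses waiting for confirmation
        self.outbox = []        # (recipient, template); stands in for a mailer
        self.attempts = defaultdict(deque)
        self.clock = clock

    def _rate_limited(self, client_ip):
        """Sliding window: allow MAX_ATTEMPTS per WINDOW_SECONDS per client."""
        now = self.clock()
        seen = self.attempts[client_ip]
        while seen and now - seen[0] >= WINDOW_SECONDS:
            seen.popleft()
        if len(seen) >= MAX_ATTEMPTS:
            return True
        seen.append(now)
        return False

    def register(self, client_ip, email):
        """Return (status, body); the body never reveals whether the address exists."""
        if self._rate_limited(client_ip):
            return 429, "Too many requests."
        email = email.strip().lower()
        if email in self.accounts:
            # Tell the real owner by mail; the web client learns nothing.
            self.outbox.append((email, "already_registered"))
        else:
            self.pending.add(email)
            self.outbox.append((email, "confirm_registration"))
        return 200, GENERIC_REPLY
```
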

5 REPLIES 5


Thank you for the info / links, Nikoolayy1 !

LiefZimmerman
Community Manager

- If your post was solved it would be helpful to the community if you selected *Accept As Solution* on the relevant reply (or replies). This helps future readers find answers more quickly and confirms the efforts of those who helped.

Thanks for being part of our community.
Lief

Hello Lief, I did not apply any solution yet but I can mark it as "Accept as Solution" based on the links provided by Nikoolayy1.

LiefZimmerman
Community Manager

Pre-emptive solutioning 😄 - I like it.
@Nikoolayy1 does know this stuff pretty well! Thanks!