I am just wondering what everyones user experience has been with "Browser Verification" when enabling anything other than then the defaults via any Bot Protection profile.
For instance if I have Browser Verification set to anything other then "Challenge Free Verification" in our Sharepoint environments, "funky" things will happen such as users getting bot error/reference ID page when attempting to sign out or or an EXTREME amount of false positives occur and user traffic is impacted.
In environments with older Java based apps, it will cause some browsers to automatically sign out when clicking any link in the web application after login (as if cookie persistence is blocked).
I have gone back and forth with F5 in almost all my attempts to enable this future (as browser fingerprinting is something we really would like to utilize) but we just cant get it working in most cases (even with work arounds such as single page application or enable a DOS profile in transparent mode).
Is something like Device ID+ the solution for all of my problems? https://www.f5.com/products/security/shape-security/f5-device-idplus
The problem with the strict parameter 'verify before access' was about the marketing (SEO) : the website was loaded twice and i had a problem to access straight to a jpg or png image if i didn't accessed to the website before. I changed this morning this parameter to this one : "verify after access".
Browser Masquerading (Malicious Bot). ==> I tryed to put this one with the "Alarm" action ==> Request still blocked.