Forum Discussion

marta_sl

Nimbostratus

May 12, 2022

Solved

Customized Bot Signature not working

Hi Experts,

I hope someone can help me 🙂

We have BigIP -LTM and and a new ASM module. We have created a Bot Signature to identify our own automatic requests adding a customized User-Agent header, but the Bot Defense do not asociate this signature with the requests, and it marks them as "Alarmed" where they should be marked as "Trusted Bot". However, it identifies the bot with the customized user-agent, but does not categorized it...

Any idea what should we do?

Thank you very much!

security

Nikoolayy1
May 13, 2022
Have you followed the article below to also make a custom category and add the Bot signature to it? Better select Lowest posible risk score for the signature and ad it to "Benign Categories List,"

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-bot-and-attack-signatures-13-0-0/5.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/big-ip-asm-attack-and-bot-signatures-14-1-0/02.html

5 Replies

Nikoolayy1
MVP
May 13, 2022
Have you followed the article below to also make a custom category and add the Bot signature to it? Better select Lowest posible risk score for the signature and ad it to "Benign Categories List,"

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-bot-and-attack-signatures-13-0-0/5.html

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/big-ip-asm-attack-and-bot-signatures-14-1-0/02.html
marta_sl
Nimbostratus
May 13, 2022
Hi Nikoolayy1,
thank you very much for your response. I have just read the article you passed me and follow the steps. We are using 15.1 version, so there is no "Bening Categorie". However, I have created a new one for us under "Trusted Bots".
Do we have to mandatory add a Domain? We use Azure for our Apps, and the ip resolve for our domains is different of the IPs used for the request.
Thank you very much for your help!
- Nikoolayy1
  MVP
  May 13, 2022
  Hello, You can just find the same article for writting custom bot signatures but for your version and follow the steps as it states:
  
  "
  
  In the Domains field, type the name of one or more domains from which the bot can send its requests, and click Add.
  This field is mandatory only for benign bots in the Search Engines category to validate their identity using reverse DNS lookup.
  "
  
  https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/big-ip-asm-attack-and-bot-signatures-14-1-0/05.html
marta_sl
Nimbostratus
May 13, 2022
Hi,

thank you very much. I have change the category to " "Untrusted Bot", low risk " meanwhile we solve how to add the Domain, and at least now it identifies and categorize our bot.
Regards!
- Nikoolayy1
  MVP
  May 13, 2022
  Hello, I am happy that the issue is solved. If possible mark the answer as completed, so we can close this thread. Thanks in advance.