cancel
Showing results for 
Search instead for 
Did you mean: 

F5 ASM/AWAF Bot Defense Logging

eLeCtRoN
Altostratus
Altostratus

Hello,

short question, in a F5 ASM/AWAF under Secureity -> Event Logs -> Bot Defense -> Bot Requests, I see a lot of requests from my google loadbalancer which is in from of the F5. Ther is the request info "ALARMED" and the Mitigation Action "Alarm (Untrusted Bot) this are just healthchecks from the google loadbalancer and iit is coming always from the same IP range, is it possibel to exclude that range from the Bot Defense Request Logging ? For example, inside the WAF Policie I can care a IP Address exception list to do no Logs from a specific range but how can I do that for the Bot Defense ?

3 REPLIES 3

Hi @eLeCtRoN ,

Please check this article which has two sections that discuss adding exceptions by either:

  • the matched mitigation type, or
  • via allowlist using one of the specific IP address, geolocation, and/or URL.

https://support.f5.com/csp/article/K42323285

Thanks.
Josh

Hi Josh,

thank you for your response, I explained I have in front google LBs in a specific range, I did already that range on the whitelist at the bot defense profile but I see it at the described log location always it is not a log exclusion list, mitigation action is not possible because I want to see in the log mitigation action but just not from a specific range otherwise I have to see whats going on, the google LBs triggering so much requests in some case it is heavy to analyses the log because it is to much rubbish inside ! 

Another option could be to create an iRule to match the criteria the Google LB uses and then trigger a the BOTDEFENSE::disable command https://clouddocs.f5.com/api/irules/BOTDEFENSE__disable.html