cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

F5 Bot defense Profile

Rahul_Rana
Nimbostratus
Nimbostratus

Hi,

 

As I implement Bot defense profile in transparent mode . WAF start changing request URI and adding Query Parameter in URL. So why it adds Query Parameter and what is the use of these Query Parameter. Please find sample.

 

Actual APIs

https://www.g2.com/abc/CW

https://www.g2.com/abc/BE

 

After implementing Bot defense profile in transparent mode, it start adding Query Parameter and requested URI on application shows as:

 

https://www.g2.com/abc/CW?onComplete=hsyhs0dmpy&ajaxAction=0501010200&time=1617604605017

https://www.g2.com/abc/BE?onComplete=607ce3gu34&ajaxAction=0501010200&time=1617604390326

 

Please clarify this.

 

1 REPLY 1

I think this can be because of the Javascript fingerprint or the JavaScript challenge that the bot defence uses:

 

 

 

 

https://devcentral.f5.com/s/articles/proactive-bot-defense-using-big-ip-asm-25685

 

https://support.f5.com/csp/article/K19556739