07-Apr-2021 09:08
Hi,
As I implement Bot defense profile in transparent mode . WAF start changing request URI and adding Query Parameter in URL. So why it adds Query Parameter and what is the use of these Query Parameter. Please find sample.
Actual APIs
https://www.g2.com/abc/CW
https://www.g2.com/abc/BE
After implementing Bot defense profile in transparent mode, it start adding Query Parameter and requested URI on application shows as:
https://www.g2.com/abc/CW?onComplete=hsyhs0dmpy&ajaxAction=0501010200&time=1617604605017
https://www.g2.com/abc/BE?onComplete=607ce3gu34&ajaxAction=0501010200&time=1617604390326
Please clarify this.
07-Apr-2021 13:07
I think this can be because of the Javascript fingerprint or the JavaScript challenge that the bot defence uses:
https://devcentral.f5.com/s/articles/proactive-bot-defense-using-big-ip-asm-25685
https://support.f5.com/csp/article/K19556739