How to allow Google to crawl my Site, when DOS Profile is active?
Hello all, we activated the DDos Protection on our F5 Cluster, but after that Google is no longer able to crawl our site. Although I already set all "Google" Signatures on the "Whitelist". But always when I'm checking the crawl status the Google Bot get's this response: ... Please enable JavaScript to view the page content. And here is the config from our current Profile: security dos profile Homepage { app-service none application { Homepage { bot-defense { browser-legit-captcha disabled browser-legit-enabled disabled mode during-attacks } bot-signatures { categories { "DOS Tool" { action block } "E-Mail Collector" { action block } "Exploit Tool" { action block } "Network Scanner" { action block } "Search Engine" { action report } "Spam Bot" { action block } "Vulnerability Scanner" { action block } "Web Spider" { action block } "Webserver Stress Tool" { action block } Spyware { action block } } check enabled disabled-signatures { "Facebook External Hit" { } "Google AdsBot" { } "Google Desktop" { } "Google Feedfetcher" { } "Google Page Speed Insights" { } "Google Translate" { } "Google favicon" { } "Nokia-WAPToolkit.\* googlebot" { } AppEngine-Google { } Bing { } Google { } Google-Adwords-Instant { } Google-Calendar-Importer { } Google-Sitemaps { } GoogleWebLight { } Google_Analytics_Snippet_Validator { } Java { } Mediapartners-Google { } YahooSeeker { } } } captcha-response { failure { body "You have entered an invalid answer for the question. Please, try again. %DOSL7.captcha.image% %DOSL7.captcha.change% What code is in the image\? %DOSL7.captcha.solution% %DOSL7.captcha.submit%" } first { body "This question is for testing whether you are a human visitor and to prevent automated spam submission. %DOSL7.captcha.image% %DOSL7.captcha.change% What code is in the image\? %DOSL7.captcha.solution% %DOSL7.captcha.submit%" } } ip-whitelist { xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } xxx.xxx.xxx.xxx/xx { } } stress-based { mode blocking } tcp-dump { record-traffic enabled } tps-based { device-client-side-defense enabled device-rate-limiting enabled ip-client-side-defense enabled } } } partition Common whitelist none } Maybe you have a hint for me how to solve this. Current Big-IP version: 12.1.2 - ASM Signatures: v12.1.2/ASM-SignatureFile_20170403_145743 Thanks, ChristophWhy does the Local Traffic policy allow Bot profile to be selected but the iRule can't ?
When I attach DOS and BOT profiles with local traffic policy or iRule I always need a default BOT and DOS profile even when I have a default rule that catches all the traffic. That is one thing but the strangest thing is when I decide to attach a Bot profile with iRule it does not work but the Local traffic policies allow this. I will need to test this but is really strange. This is the first time something is only possible with Local Traffic Policies but I will have to test if it works 🙂
Preventing DDoS attacks on SMS URL
Dear Community, I am facing DDoS attacks on one of our application. The attacker is sending hundred of requests to a URL, which is consuming all of our SMS quota. The attack is originating from multiple IPs. Please inform how I can protect this application API from this kind of DDoS attack from appliation code level. I need help from application security experts and web developers. https://abc.comis frontend & xyz.com is backend api Sample of DDoS reqeust: POST /asdf/service/sendmobilecode HTTP/1.1 Host:xyz.com Authorization: *********** User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Content-Type: application/json Origin:https://abc.com Referer:https://abc.com/ {"number":"91234567890"} Kind RegardsProtecting against DDoS attack
Dear Community, I need help from application security experts and seasoned web developers. We are getting DDoS attacks on the following requests. This attack is targetting our SMS gateway; resulting in triggerig thousands of SMSs. Please inform which kind of protections we can introduce in application level / application code level to protect against this DDoS attack. DDoS Request Sample: POST xyz.com/api/otp/asdf HTTP/1.1 Host: xyz.com Content-Length: 32 Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90" Accept: application/json, text/plain, */* Authorization: *********** Accept-Language: ar Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Content-Type: application/json Origin: http://abc.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer:http://abc.com Accept-Encoding: gzip, deflate Connection: close {"mobileNumber":"123456789"} Warm Regards
AFM protected object address list creation
Hello, What is the best way to create protection objects which have the same protection profile Create a protection object on Address list containing these IPs or create separate protected objects? noting the number of objects are huge System by default does not allow you to assign a protection profile on a protected group created on address list so you have to apply the following workaround, but it is mentionedThis should be considered experimental only Enable afm.allowtmcvirtuals variable https://my.f5.com/manage/s/article/K59471927 so what is the best way?
Exporting a DDoS Profile
Hi, I have a DDoS profile in my Test environment which I want to export so I can import it into our Production Environment. Is this possible? Recreating the DDoS profile in production is simple enough however we have a third party manage our Production Systems so it would be easier to have them import my policy. Thank you in advance as always. Regards
