BOTDEFENSE_ACTION¶
Description¶
Triggered immediately prior to taking an action on a transaction. The
event may be used to override the default behavior, and/or to log the
action taken.
This event is always triggered when Proactive Bot Defense is enabled
on the DOS profile, unless the request is mitigated by dosl7 attack.
The event will also be triggered if Proactive Bot Defense is disabled,
but a Bot Signature was detected on the request, whether for blocking
or for reporting.
Most of the command that are available on the HTTP_REQUEST event are
also available on the BOTDEFENSE_ACTION event.
Note that commands which may suspend iRule processing are currently
not supported in this event and should not be used. Partial list of
these commands: after, persist, session, table, and RESOLV::lookup.
Warning
Deprecated in BIG-IP Next v20.0.1
Examples¶
Example 1: Send parsed Bot Defense data and action to High Speed Logging
when BOTDEFENSE_ACTION {
set log "BOTDEFENSE:"
append log " uri [HTTP::uri]"
append log " cs_possible [BOTDEFENSE::cs_possible]"
append log " cs_allowed [BOTDEFENSE::cs_allowed]"
append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
append log " cookie_status [BOTDEFENSE::cookie_status]"
append log " cookie_age [BOTDEFENSE::cookie_age]"
append log " device_id [BOTDEFENSE::device_id]"
append log " support_id [BOTDEFENSE::support_id]"
append log " previous_action [BOTDEFENSE::previous_action]"
append log " previous_support_id [BOTDEFENSE::previous_support_id]"
append log " previous_request_age [BOTDEFENSE::previous_request_age]"
append log " bot_signature [BOTDEFENSE::bot_signature]"
append log " bot_signature_category [BOTDEFENSE::bot_signature_category]"
append log " captcha_status [BOTDEFENSE::captcha_status]"
append log " captcha_age [BOTDEFENSE::captcha_age]"
append log " default action [BOTDEFENSE::action]"
append log " reason \"[BOTDEFENSE::reason]\""
log local0. $log
HSL::send $hsl $log
}
Example 2: Bypassing enforcement on URL pattern
when BOTDEFENSE_ACTION {
if {[HTTP::uri] starts_with "/t/"} {
log local0. "bypassing enforcement for URI [HTTP::uri]"
set res [BOTDEFENSE::action allow]
log local0. "set action to allow, result \"$res\""
log local0. "resulting action [BOTDEFENSE::action] reason \"[BOTDEFENSE::reason]\""
}
}
Change Log¶
- Introduced: BIGIP-12.1
- Deprecated: BIGIP-20.0.1
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.