Overview: Bot Protection
WAF can proactively defend your applications against automated attacks by bots. The bot defense method identifies Layer 7 DoS attacks, web scraping, and brute force attacks and prevents them from starting.
Bot protection helps identify and mitigate attacks before they cause damage to the site. This feature inspects most traffic, but requires fewer resources than traditional web scraping and brute force protections.
In the WAF policy, bot defense includes three things:
- bot signatures - WAF identifies known bots by their User-Agent header.
- headers check - i.e., JavaScript-free classification. WAF inspects the request headers and looks for anomalies that suggest the client is a bot.
- trusted bots - WAF verifies bots that claim to be trusted (for example, search-engine crawlers).
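The three checks above, as an added illustration that is not the vendor's code or signature database: the signature list, the trusted-bot DNS fixtures and the client addresses are constructed for the example, and the header heuristics are assumptions about what a "headers check" typically looks for. Trusted-bot verification uses forward-confirmed reverse DNS (the PTR record must sit in an expected domain and resolve back to the client address), which is how a claim in the User-Agent is normally checked rather than trusted.

```python
import re

# Constructed sample signatures; a real WAF ships a much larger, regularly updated database.
BOT_SIGNATURES = {
    "python-requests": re.compile(r"python-requests/", re.I),
    "curl": re.compile(r"^curl/", re.I),
    "scrapy": re.compile(r"\bScrapy\b", re.I),
}

# Trusted bots: the User-Agent they announce and the DNS suffixes their crawlers resolve to.
TRUSTED_BOTS = {
    "Googlebot": (re.compile(r"\bGooglebot\b"), ("googlebot.com", "google.com")),
}

# Constructed DNS fixtures standing in for live reverse/forward lookups (documentation addresses).
REVERSE_DNS = {
    "192.0.2.50": "crawl-192-0-2-50.googlebot.com",
    "203.0.113.9": "crawl-203-0-113-9.googlebot.com",   # forged PTR record
}
FORWARD_DNS = {
    "crawl-192-0-2-50.googlebot.com": "192.0.2.50",
    "crawl-203-0-113-9.googlebot.com": "198.51.100.5",  # does not resolve back to the client
}


def match_signature(user_agent):
    """Return the name of the first bot signature matching the User-Agent, or None."""
    for name, pattern in BOT_SIGNATURES.items():
        if pattern.search(user_agent):
            return name
    return None


def verify_trusted_bot(user_agent, client_ip):
    """Forward-confirmed reverse DNS check for a client claiming to be a trusted bot.

    Returns (bot_name, verified). bot_name is None when no trusted bot is claimed.
    """
    for name, (pattern, domains) in TRUSTED_BOTS.items():
        if not pattern.search(user_agent):
            continue
        host = REVERSE_DNS.get(client_ip, "")
        in_domain = host.endswith(tuple("." + d for d in domains))
        return name, in_domain and FORWARD_DNS.get(host) == client_ip
    return None, False


def header_anomalies(headers):
    """JavaScript-free classification: headers a real browser always sends but scripts often omit."""
    h = {k.lower(): v for k, v in headers.items()}
    ua = h.get("user-agent", "")
    reasons = []
    if not ua:
        reasons.append("missing User-Agent")
    if "accept" not in h:
        reasons.append("missing Accept")
    if ua.startswith("Mozilla/") and "accept-language" not in h:
        reasons.append("browser User-Agent without Accept-Language")
    if ua.startswith("Mozilla/") and "accept-encoding" not in h:
        reasons.append("browser User-Agent without Accept-Encoding")
    return reasons


def classify(headers, client_ip):
    """Apply the three checks in order and return (verdict, reasons)."""
    ua = {k.lower(): v for k, v in headers.items()}.get("user-agent", "")
    name, verified = verify_trusted_bot(ua, client_ip)
    if name and verified:
        return "trusted", [f"{name} verified by forward-confirmed reverse DNS"]
    if name:
        return "block", [f"claims to be {name} but the DNS check failed"]
    sig = match_signature(ua)
    if sig:
        return "block", [f"matched bot signature {sig}"]
    reasons = header_anomalies(headers)
    if reasons:
        return "suspect", reasons
    return "challenge", ["no signature match; send the JavaScript challenge"]
```

Unknown clients are not allowed outright; they fall through to the "challenge" verdict, where the JavaScript challenge described next decides.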
When clients access a protected site for the first time, the system sends a JavaScript challenge to the browser. Therefore, if you plan to use this feature, it is important that clients use browsers that allow JavaScript. If the client successfully evaluates the challenge and resends the request with a valid cookie, your policy allows the client request to reach the server. Requests that do not answer the challenge are not sent to the web server. Requests sent to non-HTML URLs without the cookie are dropped and considered to be bots.
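The challenge flow in the paragraph above, as an added example rather than the WAF's own implementation: the nonce format, the HMAC signing, the answer the injected JavaScript computes and the cookie name `waf_js` are all assumptions made for this illustration. The server stays stateless by signing the nonce it hands out, the browser proves it ran JavaScript by returning the computed answer in a cookie, HTML URLs without a valid cookie get the challenge page, and non-HTML URLs without it are dropped, as the text describes.

```python
import hashlib
import hmac
import os
import time

SECRET = b"constructed-demo-secret"  # per-deployment secret; constructed for this example
TTL = 600                            # seconds a challenge cookie stays valid (assumed)


def issue_nonce(now=None):
    """Create a signed nonce: <timestamp>.<random>.<hmac-tag>."""
    now = int(now if now is not None else time.time())
    body = f"{now}.{os.urandom(8).hex()}"
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{body}.{tag}"


def nonce_valid(nonce, now=None):
    """Check the signature and the age of a nonce."""
    parts = nonce.split(".")
    if len(parts) != 3:
        return False
    ts, rnd, tag = parts
    expected = hmac.new(SECRET, f"{ts}.{rnd}".encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(tag, expected):
        return False
    now = now if now is not None else time.time()
    return ts.isdigit() and 0 <= now - int(ts) <= TTL


def solve_challenge(nonce):
    """What the challenge JavaScript computes in the browser (assumed scheme)."""
    return hashlib.sha256(nonce.encode()).hexdigest()


def challenge_page(nonce):
    """The HTML the WAF sends on a first visit; the script sets the cookie and reloads."""
    return (
        "<html><body><script>"
        f"/* compute the answer for nonce {nonce} and set cookie waf_js */"
        "location.reload();</script></body></html>"
    )


def cookie_valid(cookie, now=None):
    """The cookie carries <nonce>|<answer>; both halves must check out."""
    nonce, sep, answer = cookie.rpartition("|")
    if not sep:
        return False
    return nonce_valid(nonce, now) and hmac.compare_digest(answer, solve_challenge(nonce))


def is_html_url(path):
    """Treat extension-less paths and .html/.htm paths as HTML pages."""
    last = path.rstrip("/").rsplit("/", 1)[-1]
    return "." not in last or last.lower().endswith((".html", ".htm"))


def handle_request(path, cookies, now=None):
    """Return ("allow", None), ("challenge", nonce) or ("drop", None)."""
    token = cookies.get("waf_js")
    if token and cookie_valid(token, now):
        return "allow", None
    if is_html_url(path):
        return "challenge", issue_nonce(now)
    return "drop", None  # non-HTML URL without the cookie: treated as a bot
```

Note the ordering: a valid cookie is accepted for any URL, so a browser that passed the challenge on the page can fetch its images and API calls; only clients that never ran the challenge lose their non-HTML requests.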
Bot signatures are updated regularly. You can install (add or update) live updates to ensure that your WAF policy’s bot defense is up-to-date with the latest information about known threats.