Bot protection
Overview
WAF can proactively defend your applications against automated attacks by bots. The bot defense method identifies Layer 7 DoS attacks, web scraping, and brute force attacks and prevents them from starting.
Bot protection helps identify and mitigate attacks before they cause damage to the site. This feature inspects most traffic, but requires fewer resources than traditional web scraping and brute force protections.
In the WAF policy, bot protection includes three components:
Bot signatures - WAF identifies known bots by their User-Agent header.
Headers check - JavaScript-free classification. WAF inspects the request headers for anomalies that suggest the client is a bot.
Trusted bots - WAF verifies bots that claim to be trusted.
When clients access a protected site for the first time, the system sends a JavaScript challenge to the browser. Therefore, if you plan to use this feature, it is important that clients use browsers that allow JavaScript. If the client successfully evaluates the challenge and resends the request with a valid cookie, your policy allows the client request to reach the server. Requests that do not answer the challenge are not sent to the web server. Requests sent to non-HTML URLs without the cookie are dropped and considered to be bots.
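The challenge-and-cookie flow above, as an added illustration that is not F5's code: a client with a valid (HMAC-signed, unexpired, client-bound) cookie is allowed, an HTML request without one is challenged, and a non-HTML request without one is dropped. The cookie name, key and request shape are constructed for the demo.

```python
import hmac
import hashlib

# Constructed demo key; a real deployment uses a per-policy secret that rotates.
SECRET_KEY = b"demo-only-secret-change-me"
COOKIE_NAME = "bot_challenge"   # hypothetical cookie name
TTL_SECONDS = 600               # how long a solved challenge stays valid


def issue_cookie(client_id: str, now: int) -> str:
    """Value the browser sends back after solving the JavaScript challenge."""
    expires = now + TTL_SECONDS
    payload = f"{client_id}:{expires}"
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def cookie_is_valid(cookie: str, client_id: str, now: int) -> bool:
    """Reject forged, replayed-by-another-client or expired cookies."""
    try:
        cid, expires_s, mac = cookie.rsplit(":", 2)
        expires = int(expires_s)
    except ValueError:
        return False   # malformed cookie, treat as absent
    expected = hmac.new(SECRET_KEY, f"{cid}:{expires}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time MAC comparison, then bind the cookie to this client and its TTL.
    return hmac.compare_digest(mac, expected) and cid == client_id and now < expires


def is_html_request(path: str, accept: str) -> bool:
    """A request for an HTML page is eligible for the JavaScript challenge."""
    return path.endswith((".html", "/")) or "text/html" in accept


def classify(request: dict, now: int) -> str:
    """Return 'allow', 'challenge' or 'drop' following the flow in the text."""
    cookie = request.get("cookies", {}).get(COOKIE_NAME)
    if cookie and cookie_is_valid(cookie, request["client_id"], now):
        return "allow"            # challenge already solved, forward to the server
    if is_html_request(request["path"], request.get("accept", "")):
        return "challenge"        # first visit to an HTML URL, send the challenge
    return "drop"                 # non-HTML URL with no cookie, treated as a bot


if __name__ == "__main__":
    NOW = 1_700_000_000
    solved = issue_cookie("10.0.0.5", NOW)
    print(classify({"client_id": "10.0.0.5", "path": "/index.html",
                    "cookies": {COOKIE_NAME: solved}}, NOW))          # allow
    print(classify({"client_id": "10.0.0.5", "path": "/api/data.json",
                    "accept": "application/json"}, NOW))              # drop
```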
Bot signatures are updated regularly. You can install (add or update) live updates to ensure that your WAF policy’s bot defense is up-to-date with the latest information about known threats.
Prerequisites
Verify any attached application services to ensure proper security after changes are deployed.
You need to have a user role of Security Manager or Administrator to manage a WAF policy.
If you have not yet installed automatic live updates, ensure you have the latest bot signatures installed:
How to configure Bot Protection
Manage Bot Protection
Use the following procedure to enable or manage Bot Protection. When enabled, you can fine-tune the bot mitigation settings and exceptions.
Click the workspace icon next to the F5 icon, and click Security.
From the left menu click Policies under WAF.
Select the name of the policy.
A panel for the General Settings opens.
From the panel menu, click Bot Protection.
To enable or disable Bot Protection, toggle the Enable button. When disabled, no further settings are displayed.
Manage bot mitigation settings:
Ignore - All bot signatures and anomalies of this mitigation class are disabled and are not checked.
Detect - Bot detection is performed and logged, but the request is not flagged with an alarm or blocked.
Alarm - Bot detection is performed, and flagged with an alert, but the request is not blocked.
Alarm & Block - Bot detection is performed, flagged with an alert, and the request is blocked.
To add an exception for a known bot signature:
Click Add Exception.
Select one or more bot signature names.
Select the action from the buttons on the top right of the list.
Confirm the action. The selected bot signature(s) are listed under the exceptions.
Click Save.
To save and immediately deploy changes, click Save & Deploy.
Resources
Configure using API
Bot protection management using the policy Editor
Edit the WAF policy JSON declaration directly through the WAF policy editor.