ltm rule event BOTDEFENSE ACTIONΒΆ

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



BOTDEFENSE_ACTION
       Bot Defense event upon HTTP request, after action is decided.

DESCRIPTION
       Triggered immediately prior to taking an action on a transaction. The
       event may be used to override the default behavior, and/or to log the
       action taken.

       This event is always triggered when Proactive Bot Defense is enabled on
       the DOS profile, unless the request is mitigated by dosl7 attack. The
       event will also be triggered if Proactive Bot Defense is disabled, but
       a Bot Signature was detected on the request, whether for blocking or
       for reporting.

       Most of the command that are available on the HTTP_REQUEST event are
       also available on the BOTDEFENSE_ACTION event.

       Note that commands which may suspend iRule processing are currently not
       supported in this event and should not be used. Partial list of these
       commands: after, persist, session, table, and RESOLV::lookup.

Examples
	# EXAMPLE 1: Send parsed Bot Defense data and action to High Speed Logging
	when BOTDEFENSE_ACTION {
	    set log "BOTDEFENSE:"
	    append log " uri [HTTP::uri]"
	    append log " cs_possible [BOTDEFENSE::cs_possible]"
	    append log " cs_allowed [BOTDEFENSE::cs_allowed]"
	    append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
	    append log " cookie_status [BOTDEFENSE::cookie_status]"
	    append log " cookie_age [BOTDEFENSE::cookie_age]"
	    append log " device_id [BOTDEFENSE::device_id]"
	    append log " support_id [BOTDEFENSE::support_id]"
	    append log " previous_action [BOTDEFENSE::previous_action]"
	    append log " previous_support_id [BOTDEFENSE::previous_support_id]"
	    append log " previous_request_age [BOTDEFENSE::previous_request_age]"
	    append log " bot_signature [BOTDEFENSE::bot_signature]"
	    append log " bot_signature_category [BOTDEFENSE::bot_signature_category]"
	    append log " captcha_status [BOTDEFENSE::captcha_status]"
	    append log " captcha_age [BOTDEFENSE::captcha_age]"
	    append log " default action [BOTDEFENSE::action]"
	    append log " reason \"[BOTDEFENSE::reason]\""
	    log local0. $log
	    HSL::send $hsl $log
	}

	# EXAMPLE 2: Bypassing enforcement on URL pattern
	when BOTDEFENSE_ACTION {
	    if {[HTTP::uri] starts_with "/t/"} {
		log local0. "bypassing enforcement for URI [HTTP::uri]"
		set res [BOTDEFENSE::action allow]
		log local0. "set action to allow, result \"$res\""
		log local0. "resulting action [BOTDEFENSE::action] reason \"[BOTDEFENSE::reason]\""
	    }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-12.1 --First introduced the event.



BIG-IP				  2017-01-31			      iRule(1)