ltm rule command BOTDEFENSE client class¶

iRule(1) BIG-IP TMSH Manual iRule(1)

BOTDEFENSE::client_class
Returns the classification of the client based on the current request and its browsing history. When invoked
from BOTDEFENSE_REQUEST event the command reflects the classification based on bot signature, or on the
browser anomalies found for this client (if any), if the client was initially classified as a browser by its
User-Agent string, or "unknown" in any other case. When invoked from BOTDEFENSE_ACTION anomaly the command
reflects the classification after fully inspecting the current request.

SYNOPSIS
BOTDEFENSE::client_class

DESCRIPTION
Returns the classification of the client that sent the request. The returned value is one of the following
strings:* unknown* browser* mobile_application* trusted_bot* untrusted_bot* malicious_bot* suspicious_browser.
The command is similar to BOTDEFENSE::client_type but with higher resolution for bot classification: when
BOTDEFENSE::client_type returns "bot", BOTDEFENSE::client_class returns the exact type of bot: malicious,
trusted or untrusted.

Syntax

BOTDEFENSE::client_class

RETURN VALUE
Returns the classification of the client that sent the request. When invoked in the BOTDEFENSE_REQUEST event
it returns the type based on the previous requests of the same client, or "unknown" if the client is not
recognized. When invoked in the BOTDEFENSE_ACTION event, the return value reflects the processing of the
current request on top of the accumulated history of the client

VALID DURING
BOTDEFENSE_ACTION, BOTDEFENSE_REQUEST

EXAMPLES
when BOTDEFENSE_REQUEST {
log.local0. "Client type before processing request: [BOTDEFENSE::client_class]"
}

when BOTDEFENSE_ACTION {
log.local0. "Client type after processing request: [BOTDEFENSE::client_class]"
}

HINTS
SEE ALSO
CHANGE LOG
@BIGIP-14.1 --First introduced the command.

BIG-IP 2020-06-23 iRule(1)