ltm rule event BOTDEFENSE ACTIONΒΆ

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

BOTDEFENSE_ACTION
       Bot Defense event upon HTTP request, after action is decided.

DESCRIPTION
       Triggered immediately prior to taking an action on a transaction. The event may be used to override the
       default behavior, and/or to log the action taken.

       This event is always triggered when a Bot Defense profile is attached to the Virtual Server, unless the
       request is mitigated by dosl7 attack.

       Most of the commands that are available on the HTTP_REQUEST event are also available on the BOTDEFENSE_ACTION
       event.

       Note that commands which may suspend iRule processing are currently not supported in this event and should not
       be used. Partial list of these commands: after, persist, session, table, and RESOLV::lookup.

Examples
	# EXAMPLE 1: Send parsed Bot Defense data and action to High Speed Logging
	when BOTDEFENSE_ACTION {
	    set log "BOTDEFENSE:"
	    append log " uri [HTTP::uri]"
	    append log " cs_possible [BOTDEFENSE::cs_possible]"
	    append log " cs_allowed [BOTDEFENSE::cs_allowed]"
	    append log " cs_attribute(device_id) [BOTDEFENSE::cs_attribute device_id]"
	    append log " cookie_status [BOTDEFENSE::cookie_status]"
	    append log " cookie_age [BOTDEFENSE::cookie_age]"
	    append log " device_id [BOTDEFENSE::device_id]"
	    append log " support_id [BOTDEFENSE::support_id]"
	    append log " previous_action [BOTDEFENSE::previous_action]"
	    append log " previous_support_id [BOTDEFENSE::previous_support_id]"
	    append log " previous_request_age [BOTDEFENSE::previous_request_age]"
	    append log " bot_signature [BOTDEFENSE::bot_signature]"
	    append log " bot_signature_category [BOTDEFENSE::bot_signature_category]"
	    append log " captcha_status [BOTDEFENSE::captcha_status]"
	    append log " captcha_age [BOTDEFENSE::captcha_age]"
	    append log " default action [BOTDEFENSE::action]"
	    append log " reason \"[BOTDEFENSE::reason]\""
	    log local0. $log
	    HSL::send $hsl $log
	}

	# EXAMPLE 2: Bypassing enforcement on URL pattern
	when BOTDEFENSE_ACTION {
	    if {[HTTP::uri] starts_with "/t/"} {
		log local0. "bypassing enforcement for URI [HTTP::uri]"
		set res [BOTDEFENSE::action allow]
		log local0. "set action to allow, result \"$res\""
		log local0. "resulting action [BOTDEFENSE::action] reason \"[BOTDEFENSE::reason]\""
	    }
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-12.1 --First introduced the event.

BIG-IP						      2020-06-23					     iRule(1)