Forum Discussion

Cirrostratus

Sep 07, 2017

ASM bot detection

Folks I have requirement to enable bot detection in F5 ASM policy for my application access via only mobile browsers or PC browsers not through mobile app, how i can avoid false positive here wh...

application delivery

ASM Advanced WAF

samstep

Cirrocumulus

Oct 18, 2017

You need to have 2 separate ASM policies - one for browsers and a separate one for the smartphone app. The browser policy will have full bot detection features enabled and the smartphone app policy will have JavaScript-requiring options in bot/anomaly detection switched off and relying more on IP-based anomaly detection features of ASM.

I assume you already have a separate Virtual Server for the mobile app, but if not then you can easily route the incoming traffic to two different ASM policies depending on the User-Agent header using Local Traffic Policy.

Hope this helps,

Sam

Forum Discussion

ASM bot detection

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Bot Management Strategy - Defense against malicious bots with F5 Distributed Cloud Bot Defense

Bot defence profile on F5 ASM

Proactive Bot Defense Using BIG-IP ASM

Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK

More Web Scraping - Bot Detection