Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM - Problems with curl monitoring / crawler - please enable JS

Hi,

recently I implemented an ASM policy with the Sharepoint template in transparent mode. No DoS profile.

Unfortunately I ran into an issue with - I assume - the browser check.

Our external Nagios-Monitoring does a curl request and looks for a specific keyword in the response to check the health of the external service.

Currently the response doesn't contain a page, but following output:

Please enable JavaScript to view the page content.
Your support ID is:  2863805088290756184.

I can't figure out why this is happening. I can't even find anything with this support ID, neither in App Events, nor in DoS events.

In the learning and blocking settings the "Web scraping detected" signature is deactivated.

If I add the source IP to a whitelist, it works for my test client all the time. But adding the Nagios IP doesn't work (only random).

I'm not sure what more I could check/change here - any ideas?

0
Rate this Question
Comments on this Question
Comment made 1 month ago by nathan 7324

What TMOS version in use? Also, have you enabled BOT signatures and Proactive Bot Defence?

0
Comment made 1 month ago by am.gli 151

13.1.1
As far as I know, no. I hope we mean the same:

In Security - DoS Protection - DoS Profiles, there is only the default profile "dos", which is disabled:

Image Text

0
Comment made 1 month ago by nathan 7324

OK, so not a DOS profile issue. Suggest confirming all violations with a Block have Learn/Alarm flags set to see if the blocked events appear in the event logs. Also confirm what IP address Nagios uses to ensure the right one is whitelisted.

0
Comment made 1 month ago by am.gli 151

Hi, it was an issue with the session awareness / Device ID. This feature also uses JS. After deactivating, it works now properly.

Thanks :)

0
Comment made 1 month ago by nathan 7324

great news

0
Comment made 1 month ago by boneyard 5578

thanks for posting the answer, still i would look into the whitelisting issue. if you ever want to use that functionality you need a solution.

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

ASM is treating requests curl/Nagios as a bot hence blocking it (obviously). Deactivating bot/deviceID protection completely only makes sense if this URL is not meant to be accessed publicly, otherwise you will be allowing bots to attack this content.

Best way is to approach this without breaking security of your website is to whitelist the "good bot".

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Attack contact

-1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Simple go in computer systems and format

-1