Recently I implemented an ASM policy with the SharePoint template in transparent mode.
No DoS profile.
Unfortunately I ran into an issue with - I assume - the browser check.
Our external Nagios-Monitoring does a curl request and looks for a specific keyword in the response to check the health of the external service.
Currently the response doesn't contain a page, but the following output:
Your support ID is: 2863805088290756184.
I can't figure out why this is happening. I can't even find anything with this support ID, neither in App Events, nor in DoS events.
In the learning and blocking settings the "Web scraping detected" signature is deactivated.
If I add the source IP to a whitelist, it works for my test client all the time.
But adding the Nagios IP doesn't work (only randomly).
I'm not sure what more I could check/change here - any ideas?
What TMOS version is in use? Also, have you enabled BOT signatures and Proactive Bot Defence?
As far as I know, no. I hope we mean the same:
In Security - DoS Protection - DoS Profiles, there is only the default profile "dos", which is disabled:
OK, so not a DOS profile issue. Suggest confirming all violations with a Block have Learn/Alarm flags set to see if the blocked events appear in the event logs. Also confirm what IP address Nagios uses to ensure the right one is whitelisted.
Hi, it was an issue with the session awareness / Device ID.
This feature also uses JS. After deactivating it, it now works properly.
Thanks for posting the answer. Still, I would look into the whitelisting issue. If you ever want to use that functionality, you need a solution.
ASM is treating requests from curl/Nagios as a bot, hence blocking them (obviously). Deactivating bot/deviceID protection completely only makes sense if this URL is not meant to be accessed publicly, otherwise you will be allowing bots to attack this content.
The best way to approach this without breaking the security of your website is to whitelist the "good bot".
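
An added example, not part of the thread: a keyword health check that reports an ASM response page separately from a missing keyword, and prints the support ID so it can be searched for in the ASM event logs. The function names, the sample keyword, the constructed healthy page and the choice to return UNKNOWN for an ASM answer are assumptions of this sketch.

```shell
#!/bin/sh
# Nagios plugin exit codes: 0 OK, 2 CRITICAL, 3 UNKNOWN.

# classify_body BODY KEYWORD
# Prints a one-line status and returns the matching Nagios exit code.
classify_body() {
    body=$1
    keyword=$2

    # Healthy: the expected keyword is in the returned page.
    case $body in
        *"$keyword"*)
            echo "OK - keyword '$keyword' found"
            return 0 ;;
    esac

    # ASM answered instead of the application: pull out the numeric support ID.
    support_id=$(printf '%s\n' "$body" |
        sed -n 's/.*[Ss]upport ID is: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$support_id" ]; then
        # Application health was not observed, so report UNKNOWN (assumption).
        echo "UNKNOWN - response came from ASM, support ID $support_id"
        return 3
    fi

    echo "CRITICAL - keyword '$keyword' not found"
    return 2
}

# check_url URL KEYWORD: fetch the page with curl, then classify it.
check_url() {
    page=$(curl -sS --max-time 10 "$1") || {
        echo "CRITICAL - request to $1 failed"
        return 2
    }
    classify_body "$page" "$2"
}

# Sample inputs: the ASM output quoted in the thread and a constructed healthy page.
SAMPLE_ASM='Your support ID is: 2863805088290756184.'
SAMPLE_OK='<html><title>Team Site Home</title></html>'

classify_body "$SAMPLE_ASM" "Team Site" || true
classify_body "$SAMPLE_OK" "Team Site" || true
```
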