F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Distributed Cloud Services: Bot Defense Implementation
  3. Configuring Bot Defense in Standard Service Level
Manual Chapter : Configuring Bot Defense in Standard Service Level

Applies To:

Show Versions Show Versions

BIG-IP Distributed Cloud Services

  • 17.1.2, 17.1.1, 17.1.0
Manual Chapter

Configuring Bot Defense in Standard Service Level

Configuring Bot Defense in Standard service level for web

Before configuring Bot Defense you need to configure a Proxy pool or Protection pool, or select an existing pool during configuration. For more information, refer to BIG-IP Local Traffic Management: Basics - Introduction to pools.
Use this task to configure Bot Defense in Standard service level for protecting web pages.
The screen elements described here are for basic configuration. Refer to the help text available in the configuration utility for details about all the fields.
  1. On the Main tab, click
    Distributed Cloud Services
    Bot Defense
    BD Profiles
    .
    The BD Profiles screen displays the list of Bot Defense profiles on the system.
  2. Click the
    Create
     button.
    The New BD Profile screen opens.
  3. In the General Properties section, enter the following details:
    • In the
      Profile Name
       field, enter a unique name for the Bot Defense profile.
    • In the
      Parent Profile
       field, select the Bot Defense parent profile from which this profile will inherit settings.
    • For the
      Service Level
       field, select
      Standard
      .
    • For the
      Application Type
       field, check
      Web
      .
  4. In the API Request Settings section, in the
    Import API Settings
     field, check
    Upload File
     and click the
    Choose File
     button to import a JSON file with predefined values or check
    Paste Text
     to enter the JSON file content. The contents of the file must be in a valid JSON format.
  5. In the JS Insertion Configuration section, the
    BIG-IP Handles JS Injections
     field is checked by default, if you uncheck the field then follow the
    Note
     given in the Web UI.
  6. In the Protected Endpoint - Web section, in the
    Protected URIs
     field, enter the following details and click the
    Add
     button:
    The
    Mitigation Handler
     field is available for update only in the Advanced service level.
    The
    GET (Document)
     field is checked only when the Bot Defense is required for web scraping.
    • In the
      Host
       field, enter the hostname or IP address of the web page to be protected by the Bot Defense.
    • In the
      Path
       field, enter the path to the web page.
    • Check the
      ANY Method
       field to protect the path when it has any method.
      You must check (enable) at least one of the methods or
      ANY Method
       field, else, the HTTP requests will not be routed.
    • Check the
      GET (XHR/Fetch)
       field to protect the path when it has a GET method.
    • Check the
      POST
       field to protect the path when it has a POST method.
    • Check the
      PUT
       field to protect the path when it has a PUT method.
    • In the
      Mitigation Action
       field, choose the mitigation action you want the BIG-IP to take if a malicious HTTP request is detected on the path.
    Click the
    Add
     button to add the URI. You can add multiple URIs, use the
    Edit
     and
    Delete
     buttons to update or delete a URI from the list.
  7. In the Advanced Features section, select
    Advanced
    , enter the following details:
    • Check the
      Use Proxy
       field if you want the data to be routed through a proxy server, else uncheck this field to send data directly from the BIG-IP to the Bot Defense backend server.
    • In the
      Proxy Pool
       field, select an existing pool or click the
      +
       button to add a new pool.
      The
      Proxy Pool
       field is displayed when the
      Use Proxy
       field is checked.
    • In the
      Proxy Bot Protection Endpoint URL
       field, enter the web URL that is used to redirect HTTP requests to the Bot Defense backend server.
      The
      Proxy Bot Protection Endpoint URL
       field is displayed when the
      Use Proxy
       field is checked.
    • In the
      Protection Pool
       field, select an existing pool or click the
      +
       button to create a new pool. If you click the
      +
       button, the pool configuration screen appears. In the pool configuration screen, create a new pool using the IP or domain of the bot server. When you click
      Finish
       in the pool configuration screen, you return to the BD Profile screen.
      The
      Protection Pool
       field is displayed when the
      Use Proxy
       field is unchecked.
      While creating a pool, ensure to manually select an applicable FQDN based on location, following are a few examples:
      • Select
        ibd-webemea2.fastcache.net
         for EMEA.
      • Select
        ibd-webus.fastcache.net
         for US.
      • Select
        ibd-webapcj.fastcache.net
         for APCJ.
    • In the
      SSL Profile
       field, select the server-side SSL profile.
    • Check the
      CORS Support
       field to let the Cross-Origin Resource Sharing (CORS) protocol to allow the restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
    • Check the
      Report Transaction Result
       field to enable reporting the transaction results to improve bot defense.
  8. Click the
    Finished
     button.
    The Bot Defense profile is created.
Assign the Bot Defense profile to Virtual Server, refer to Assigning a Bot Defense profile to Virtual Server.

Configuring Bot Defense in Standard service level for web scraping

Before configuring the Bot Defense for web scraping (interstitial), configure the Bot Defense profile in Standard service level for web and update the
Protected URIs
 field, refer to Configuring Bot Defense in Standard service level for web.
Use this task to configure the Bot Defense in Standard service level for protecting traffic from web scraping.
  1. On the Main tab, click
    Distributed Cloud Services
    Bot Defense
    BD Profiles
    .
    The BD Profiles screen displays the list of Bot Defense profiles on the system.
  2. Click the Bot Defense profile for which web scraping is configured.
  3. In the Protected Endpoint - Web section, in the
    Protected URIs
     field, enter the following details and click the
    Add
     button:
    The
    Mitigation Handler
     field is available for update only in the Advanced service level.
    • In the
      Host
       field, enter the hostname or IP address of the web page to be protected by the Bot Defense.
    • In the
      Path
       field, enter the path to the web page.
    • Check the
      GET (Document)
       field to protect the path from web scrapping.
      When you check (enable) GET (Document) no other method can be enabled.
    • In the
      Mitigation Action
       field, choose the mitigation action you want the BIG-IP to take if a malicious HTTP request is detected on the path.
    Click the
    Add
     button to add URI. You can add multiple URIs, use the
    Edit
     and
    Delete
     buttons to update or delete a URI from the list.
  4. Click the
    Update
     button.

Configuring Bot Defense in Standard service level for mobile

Before configuring Bot Defense you need to configure a Proxy pool or Protection pool, or select an existing pool during configuration. For more information, refer to BIG-IP Local Traffic Management: Basics - Introduction to pools.
Use this task to configure the Bot Defense in Standard service level for mobile applications. If you want to configure the Bot Defense for both mobile and web in the same profile, then in
Application Type
 field, check
Web
 and
Mobile
 and configure respective screen elements. Use Configuring Bot Defense in Standard service level for web task for reference.
The screen elements described here are for basic configuration. Refer to the help text available in the configuration utility for details about all the fields.
  1. On the Main tab, click
    Distributed Cloud Services
    Bot Defense
    BD Profiles
    .
    The BD Profiles screen displays the list of Bot Defense profiles on the system.
  2. Click the
    Create
     button.
    The New BD Profile screen opens.
  3. In the General Properties section, enter the following details:
    • In the
      Profile Name
       field, enter a unique name for the Bot Defense profile.
    • In the
      Parent Profile
       field, select the Bot Defense parent profile from which this profile will inherit settings.
    • For the
      Service Level
       field, select
      Standard
      .
    • For the
      Application Type
       field, check
      Mobile
      . The
      Web
       is checked by default, you can uncheck
      Web
       if the Bot Defense profile is only used to protect mobile application. You can leave the
      Web
       as checked, if the Bot Defense profile is used to protect both web page and mobile application.
  4. In the API Request Settings section, in the
    Import API Settings
     field, check
    Upload File
     and click the
    Choose File
     button to import a JSON file with predefined values or check
    Paste Text
     to enter the JSON file content. The contents of the file must be in a valid JSON format.
  5. In the Protected Endpoint - Mobile section, enter the following details:
    The
    Mitigation Handler
     field is available for update only in the Advanced service level.
    • In the
      Protected URIs
       field, enter the following details and click the
      Add
       button:
      • In the
        Host
         field, enter the hostname or IP address of the mobile application to be protected by the Bot Defense.
      • In the
        Path
         field, enter the path to the mobile application.
      • Check the
        ANY Method
         field to protect the path when it has any method.
        You must check (enable) at least one of the methods or
        ANY Method
         field, else, the HTTP requests will not be routed.
      • Check the
        GET
         field to protect the path when it has a GET method.
      • Check the
        POST
         field to protect the path when it has a POST method.
      • Check the
        PUT
         field to protect the path when it has a PUT method.
      • Use the
        Check Mobile Identifier
         field if the URL is same for web and mobile, select
        Header
         to request the information, or select
        Skip
         to ignore.
      • In the
        Mitigation Action
         field, choose the mitigation action you want the BIG-IP to take if a malicious HTTP request is detected on the endpoint.
      Click the
      Add
       button to add the URI. You can add multiple URIs, use the
      Edit
       and
      Delete
       buttons to update or delete a URI from the list.
    • In the
      SDK Reload Headername
       filed, enter the reload header prefix.
    • In the
      SDK Config Fetch URL - Android
       field, enter the URL to fetch SDK configuration for Android.
    • In the
      SDK Config Fetch URL - iOS
       field, enter the URL to fetch SDK configuration for iOS.
  6. In the Advanced Features section, select
    Advanced
    , enter the following details:
    • Check the
      Use Proxy
       field if you want the data to be routed through a proxy server, else uncheck this field to send data directly from the BIG-IP to the Bot Defense backend server.
    • In the
      Proxy Pool
       field, select an existing pool or click the
      +
       button to add a new pool.
      The
      Proxy Pool
       field is displayed when the
      Use Proxy
       field is checked.
    • In the
      Proxy Bot Protection Endpoint URL - Mobile
       field, enter the application URL that is used to redirect HTTP requests to the Bot Defense backend server.
      The
      Proxy Bot Protection Endpoint URL - Mobile
       field is displayed when the
      Use Proxy
       field is checked.
    • In the
      Protection Pool - Mobile
       field, select an existing pool or click the
      +
       button to add a new pool. If you click the
      +
       button, the pool configuration screen appears. In the pool configuration screen, create a new pool using the IP or domain of the bot server. When you click
      Finish
       in the pool configuration screen, you return to the BD Profile screen.
      The
      Protection Pool - Mobile
       field is displayed when the
      Use Proxy
       field is unchecked.
      While creating a pool, ensure to manually select an applicable FQDN based on location, following are a few examples:
      • Select
        ibd-webemea2.fastcache.net
         for EMEA.
      • Select
        ibd-webus.fastcache.net
         for US.
      • Select
        ibd-webapcj.fastcache.net
         for APCJ.
    • In the
      SSL Profile
       field, select the server-side SSL profile.
    • Check the
      CORS Support
       field to let the Cross-Origin Resource Sharing (CORS) protocol to allow the restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
    • Check the
      Report Transaction Result
       field to enable reporting the transaction results to improve bot defense.
Assign the Bot Defense profile to Virtual Server, refer to Assigning a Bot Defense profile to Virtual Server.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information