Manual Chapter : Managing Bot Signatures and Bot Signature Categories

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 6.0.1
Manual Chapter

Managing Bot Signatures and Bot Signature Categories

About bot signatures and bot signature categories

You use bot signatures to identify web robots by looking for specific patterns in the headers of incoming HTTP requests. You can create, modify, and delete only those bot signatures that are user-defined.
Bot signatures are organized by categories. You can assign a bot signature to an existing category, or create your own.

Create bot signatures

You use bot signatures to identify web robots by looking for specific patterns in the headers of incoming HTTP requests. Refer to the BIG-IP ®Application Security Manager (ASM) documentation on attack and bot signatures for more information.
  1. Click
    Configuration
    SECURITY
    Shared Security
    Bot Signatures
    .
  2. Click
    Create
    .
  3. In the
    Name
    field, type a name for the bot signature.
  4. In the
    Partition
    setting, the
    Common
    partition is listed and cannot be changed.
  5. In the
    Domains
    setting, you can add or delete domains.
    • To add a domain, in the
      Domain Name
      field, type the name and click
      Add
      .
    • To delete a domain, select a domain from the list and click
      Remove
      .
  6. From the
    Category
    list, select the appropriate category for the bot signature.
  7. In the
    Rule
    setting, create a rule for the bot signature using either simple or advanced editing.
    • Select
      Simple Edit Mode
      to create a rule by supplying what content the user agent and the URL should match.
      • From the
        User-agent
        list, select the type of match, and then type the string to be matched in the user agent.
      • From the
        URL
        list, select the type of match, and then type the string to be matched in the URL.
    • Select the
      Advanced Edit Mode
      to create more complex rules, such as those containing multiple search strings or a conditional text match. You type the rule expression using
      Snort
      control syntax.
      Snort
      control syntax is explained fully in the BIG-IP Application Security Manager documentation.
  8. From the
    Risk
    list, select the risk level associated with the bot signature.
  9. You see that
    User-defined
    is selected for any new or modified bot signature defined by the user: this cannot be changed.
  10. You see that the
    References
    setting is read-only and set to
    N/A
    .
  11. Save any changes.

Create bot signature categories

You use bot signature categories to label groups of bot signatures. You can create and modify only those bot signature categories that are user-defined.
  1. Click
    Configuration
    SECURITY
    Shared Security
    Bot Signature Categories
    .
  2. Click
    Create
    .
    The New Bot Signature Category screen opens.
  3. Type a
    Category Name
    for the bot signature category, and use the
    Partition
    setting default of
    Common
    .
  4. From the
    Category Type
    list, select the appropriate type for the bot signature category, either
    Malicious
    or
    Benign
    .
  5. Since you can only create user-defined bot signature categories, the
    User-defined
    setting is selected and cannot be changed.
  6. Save any changes.