Manual Chapter : Managing Bot Signatures and Bot Signature Categories
Applies To:Show Versions
BIG-IQ Centralized Management
Managing Bot Signatures and Bot Signature
About bot signatures and bot signature
You use bot signatures to identify web robots by looking for specific patterns in the headers of incoming HTTP requests. You can create, modify, and delete only those bot signatures that are user-defined.
Bot signatures are organized by categories. You can assign a bot signature to an existing category, or create your own.
Create bot signatures
You can configure bot signatures to identify specific, or known patterns in the headers of incoming HTTP requests. This allows you to specify additional threats to your protected applications. You must complete the fields marked in yellow to save this signature.
- In theNamefield, type a name for the bot signature.
- In thePartitionsetting, theCommonpartition is listed and cannot be changed.
- In theDomainssetting, you can add or delete domains.
- To add a domain, in theDomain Namefield, type the name in the Domain Name field and clickAdd.
- To delete a domain, select a domain from the list and clickRemove.
- From theCategorylist, select the appropriate category for the bot signature.
- In theRulesetting, create a rule for the bot signature using either simple or advanced editing.
- SelectSimple Edit Modeto create a rule by supplying what content the user agent and the URL should match.
- From theUser-agentlist, select the type of match, and then type the string to be matched in the user agent.
- From theURLlist, select the type of match, and then type the string to be matched in the URL.
- Select theAdvanced Edit Modeto create more complex rules, such as those containing multiple search strings or a conditional text match. You type the rule expression usingSnortcontrol syntax.Snortcontrol syntax is explained fully in the BIG-IP Application Security Manager documentation.
- Risklist, select the risk level associated with the bot signature.This allows you to indicate within the signature details the potential damage of the attack, if it were successful.
- ClickSave & Close.
Create bot signature categories
You use bot signature categories to label groups of bot signatures. You can create and modify only those bot signature categories that are user-defined.
- ClickCreate.The New Bot Signature Category screen opens.
- Type aCategory Namefor the bot signature category, and use thePartitionsetting default ofCommon.
- From theCategory Typelist, select the appropriate type for the bot signature category, eitherMaliciousorBenign.
- Since you can only create user-defined bot signature categories, theUser-definedsetting is selected and cannot be changed.
- Save any changes.