Applies To:
Show VersionsBIG-IP ASM
- 15.0.1, 15.0.0, 14.1.2, 14.1.0
Creating Bot Defense Profiles
About bot signatures
Bot signatures identify web robots by looking for specific patterns in the headers of incoming HTTP requests. Bot detection includes many signatures that identify bots, and you can also write your own for customized bot defense.
Bot signatures carefully identify bots and have a low rate of producing false positive results. The signatures identify the type of bot for classification and investigative purposes, and can distinguish between benign and malicious bots.
Benign bots can be useful for providing Internet services such as search engine bots, index crawlers, site monitors, and those used to establish availability and response time. Some environments may not want to block benign bot traffic. But attackers use malicious bots for more harmful purposes such as harvesting email addresses, producing spam, and developing exploitation tools. You may want to block malicious bots because they can orchestrate DoS attacks, waste internet resources, and search for vulnerabilities to exploit in your application.
Being able to classify bots allows you to treat them differently. You can report, block, or do nothing when a signature matches a malicious or benign bot. Further, malicious and benign bots fall into more specific bot signature categories that can be handled as needed. You can create new categories if needed for custom bot signatures.
Creating a bot defense profile
You can configure Application Security Manager (ASM) to protect your web site against attacks by bots before the attacks occur. Bot defense checks all traffic (except whitelisted URLs) coming to the web site, not simply suspicious traffic. Bot defense uses a set of JavaScript evaluations and bot signatures to make sure that browsers visiting your web site are legitimate.
Assigning a bot defense profile to a virtual server
Enforcing bot signatures
- On the Main tab, click .
- Click the name of the profile with Signature Staging upon Update enabled and then click the Signature Enforcement tab.
- Review the number of signatures ready to be enforced; select those you want to enforce and click Enforce.