F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Centralized Management
  4. F5 BIG-IQ Centralized Management: Security
  5. Managing Bot Signatures and Bot Signature Categories
Manual Chapter : Managing Bot Signatures and Bot Signature Categories

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.4.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

About bot signatures and bot signature categories

You use bot signatures to identify web robots by looking for specific patterns in the headers of incoming HTTP requests. You can create, modify, and delete only those bot signatures that are user-defined.

Bot signatures are organized by categories. You can assign a bot signature to an existing category, or create your own.

Create bot signatures

You use bot signatures to identify web robots by looking for specific patterns in the headers of incoming HTTP requests. Refer to the BIG-IP ® Application Security Manager™ (ASM) documentation on attack and bot signatures for more information.
  1. Click Configuration > SECURITY > Shared Security > Bot Signatures .
  2. Click Create.
  3. In the Name field, type a name for the bot signature.
  4. In the Partition setting, the Common partition is listed and cannot be changed.
  5. In the Domains setting, you can add or delete domains.
    • To add a domain, in the Domain Name field, type the name and click Add.
    • To delete a domain, select a domain from the list and click Remove.
  6. From the Category list, select the appropriate category for the bot signature.
  7. In the Rule setting, create a rule for the bot signature using either simple or advanced editing.
    • Select Simple Edit Mode to create a rule by supplying what content the user agent and the URL should match.
      • From the User-agent list, select the type of match, and then type the string to be matched in the user agent.
      • From the URL list, select the type of match, and then type the string to be matched in the URL.
    • Select the Advanced Edit Mode to create more complex rules, such as those containing multiple search strings or a conditional text match. You type the rule expression using Snort control syntax. Snort control syntax is explained fully in the BIG-IP Application Security Manager documentation.
  8. From the Risk list, select the risk level associated with the bot signature.
  9. You see that User-defined is selected for any new or modified bot signature defined by the user: this cannot be changed.
  10. You see that the References setting is read-only and set to N/A.
  11. Save any changes.

Create bot signature categories

You use bot signature categories to label groups of bot signatures. You can create and modify only those bot signature categories that are user-defined.
  1. Click Configuration > SECURITY > Shared Security > Bot Signature Categories .
  2. Click Create.
    The New Bot Signature Category screen opens.
  3. Type a Category Name for the bot signature category, and use the Partition setting default of Common.
  4. From the Category Type list, select the appropriate type for the bot signature category, either Malicious or Benign.
  5. Since you can only create user-defined bot signature categories, the User-defined setting is selected and cannot be changed.
  6. Save any changes.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information