F5 BIG-IP ASM - Bot Protection

I’ve already written several posts about load balancers in this blog but, this year, I’ve been also writing about the Web Application Firewall (WAF) of F5 Networks because I’ve had to deploy, configure and support these devices during 2018. This is the main reason I passed the exam for BIG-IP ASM Specialist this summer and I’ve been recording videos about L7 DDoS Mitigation, CSRF Protection or XXE Protection. Today, I want to continue recording this kind of videos because, I think, they are useful for learning and testing attacks and defenses.

This post is about how to configure Bot Protection in F5 BIG-IP ASM because there are increasingly bots out there (Internet) and we should take into account the bots for Layer 7 DoS Mitigation and Web Scraping Mitigation. However, we have to know what bots we want to allow and what bots we want to block. For instance, it’s interesting to allow the Googlebot, which is used by the Google search engine, but it’s also interesting to block all DoS tools such as Apache Bench or slowhttptest, which can be malicious for the web page we are protecting with the WAF.

ab -c 10 -n 10 -r -H "User-Agent: Agilitybot" http://url_to_attack/

Apache Bench

You can watch in the next video how to configure Bot Protection in F5 BIG-IP ASM:

Regards my friend and remember, keep studying!!