WAF bot_define

The WAF feature blocks traffic when WAF (Bot-Define) is enabled:

CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:40 src=52.220.96.111 spt=62290 dst=10.0.0.220 dpt=443 dhost=uat.api-acledabank.com cs1=UAT-API-ACLEDA cs2=4ce1c66d87d59b2d act=deny cs3=active app=HTTPS requestMethod=POST cn1=0 request=/login msg=User-Agent missing!

Please help me fix it.

Thanks

Comments

  • hkohn72 Member
    edited October 2017
    Hello Tran,

    What version of ACOS are you using? ACOS 2.7.X or 4.X.X?


    CU Holger!
  • hkohn72 Member
    edited October 2017
    Oh! I see 4.1.1-P3! ;-)
  • hkohn72 Member
    edited October 2017
    Hello Tran,

    Are you sure these are regular requests? The client is not sending the User-Agent and therefore the WAF cannot identify the bot.
    If this is a regular request and you know who it is, he should send the User-Agent.
    If this is a regular request and you don't know who sends it you have to deactivate the bot-check.
    If this is not a regular request -> act=deny ;-)


    CU Holger!
  • huy.tran Member
    edited October 2017
    Hi hkohn72,
    The version is 4.1.1 and I don't know who with the user-agent

    Thanks
  • hkohn72 Member
    edited October 2017
    Hi Tran,

    If no one is moaning about it -> act=deny ;-)
    Then it should be an irregular request because all clients are sending their User-Agent. Also wget or curl.


    CU Holger!
  • Clarar Member

    Addressing potential bot-related issues, it's crucial to ensure regular requests include the User-Agent for WAF identification. If known, clients should send User-Agent; if unknown, consider deactivating the bot-check. User-Agent data is vital for effective WAF management.
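
To find out which clients are sending requests without a User-Agent before deciding whether to keep the bot-check, the denied events can be grouped by source and URL. The following is an added example, not part of the thread and not A10 code: the sample lines are constructed in the layout of the log line in the question, and the function names `parse_cef` and `missing_ua_denies` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample events in the same layout as the log line in the question
# (documentation addresses and hostnames, not real traffic).
SAMPLE = """\
CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:40 src=192.0.2.10 spt=62290 dst=10.0.0.220 dpt=443 dhost=api.example.test act=deny app=HTTPS requestMethod=POST request=/login msg=User-Agent missing!
CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:55 src=192.0.2.10 spt=62291 dst=10.0.0.220 dpt=443 dhost=api.example.test act=deny app=HTTPS requestMethod=POST request=/login msg=User-Agent missing!
CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:50:02 src=198.51.100.7 spt=40112 dst=10.0.0.220 dpt=443 dhost=api.example.test act=deny app=HTTPS requestMethod=GET request=/status?probe=1 msg=placeholder other reason
not a CEF line
"""

# A value runs until the next " key=" or end of line, so values may contain spaces.
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Return header and extension fields of one CEF line, or None if it is not CEF."""
    if not line.startswith("CEF:"):
        return None
    # Seven pipe-separated header fields, then the key=value extension.
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)
    if len(parts) != 8:
        return None
    keys = ("version", "vendor", "product", "device_version", "signature", "name", "severity")
    event = dict(zip(keys, parts[:7]))
    event.update(EXT_RE.findall(parts[7]))
    return event

def missing_ua_denies(log_text):
    """Count denied bot-check events reporting a missing User-Agent, per (src, dhost, request)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_cef(line.strip())
        if (ev and ev["name"] == "bot-check" and ev.get("act") == "deny"
                and ev.get("msg") == "User-Agent missing!"):
            counts[(ev.get("src"), ev.get("dhost"), ev.get("request"))] += 1
    return counts

if __name__ == "__main__":
    for (src, dhost, request), n in missing_ua_denies(SAMPLE).most_common():
        print(f"{n:3d}  {src} -> {dhost}{request}")
```

A source that appears repeatedly against one endpoint is a candidate for a known integration that should be asked to send a User-Agent; scattered one-off sources fit the "act=deny" case described in the replies.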
