WAF bot_define
huy.tran
Member ✭
WAF feature block traffic then enable WAF ( Bot-Define):
CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:40 src=52.220.96.111 spt=62290 dst=10.0.0.220 dpt=443 dhost=uat.api-acledabank.com cs1=UAT-API-ACLEDA cs2=4ce1c66d87d59b2d act=deny cs3=active app=HTTPS requestMethod=POST cn1=0 request=/login msg=User-Agent missing!
Help me how to fix it
Thanks
CEF:0|A10|TH1030S|4.1.1-P3|WAF4|bot-check|6|rt=Sep 15 2017 13:49:40 src=52.220.96.111 spt=62290 dst=10.0.0.220 dpt=443 dhost=uat.api-acledabank.com cs1=UAT-API-ACLEDA cs2=4ce1c66d87d59b2d act=deny cs3=active app=HTTPS requestMethod=POST cn1=0 request=/login msg=User-Agent missing!
Help me how to fix it
Thanks
0
Comments
what version of ACOS are you using? ACOS 2.7.X or 4.X.X?
CU Holger!
are you sure this are regular requests? The client is not sending the User-Agent end therefor the WAF can not identify the bot.
If this is a regular request and you know who it is should he send the User-Agent.
If this is a regular request and you don't know who sends it you have to deactivate the bot-check.
If this is not a regular request -> act=deny ;-)
CU Holger!
The version is 4.1.1 and i don't know who with the user-agent
Thanks
if now one is moaning about it -> act=deny ;-)
Then it should be a unregular request because all clients are sending there User-Agent. Also wget or curl.
CU Holger!
Addressing potential bot-related issues, it's crucial to ensure regular requests include the User-Agent for WAF identification. If known, clients should send User-Agent; if unknown, consider deactivating the bot-check. User-Agent data is vital for effective WAF management.