ASM unified bot defense profile : Browser Verification
Hello everyone, I'm in version 14.1.0.5 and I'm trying to understand the new Bot defense profile. I'm struggling specially with the "Browser Verification" option; From the article K42323285 we can read that this option may have the following values : 1/ None .. 2/ Challenge-Free ... 3/ Verify Before Access— ... 4/ Verify After Access (Blocking)—The default value whenProfile Templateis set to Balanced. The system injects a JavaScript challenge in the server response prior to sending the response to the client. If the client fails the challenge, the system performs the configured mitigation action and reports the anomaly. If the client passes the challenge, the system forwards the request to the server. 5/ Verify After Access (Detection Only)—The system injects JavaScript challenge in the server response prior to sending the response to the client. If the client fails the challenge, the system only reports the anomaly but does not perform any mitigation action. If the client passes the challenge, the system forwards the request to the server. I really don't understand the difference between 4/ and 5/ for the following reason : a/ Since the challenge in sent in the server response, it means that the client request was already sent to the application and hence why talking about the bigip performing an action or not ? isn't it too late since the client already got the server response ? b/ Let's suppose that the text is talking about the system taking the action (block or detect only) on the next client request, will this replace the enforcement mode of the profile ? I mean choosing to "Verify After Access (detection only)" would not lead to blocking a not-allowed class ? is it another way to make the profile in transparent mode ? I really doubt on this but I can't find any other explanation , Any help would be greatly appreciated 🙂 many thanks, karim BENYELLOUL1.3KViews0likes2Comments