Forum Discussion
Romain_SALMON
Feb 07, 2024Altostratus
Hello,
The presence of the “X-Requested-With: XMLHttpRequest” header indicates that the request is sent by an AJAX call which explains this malfunction. Indeed, javascript originally of this call is not capable of responding to the challenge sent by the F5 gateway.
The only way was to change the LTM policy configured : FOR AJAX CALLS
If http header named X-Requested-With exists at request then enable asm and disable botdefense.
FOR API RESTful or SOAP :
IF http header full string named Content-Type contains any of json /XML at request
enable asm and disable botdefense at request time.
Nevertheless, this exception can open access to scrappers... So i still didn't do it.
Have a great day,