Prevent Data Mining ASM and LTM

Question

Hey, 
&nbsp; We will be soon releasing some new apps on our website pulling data from a content management system.  A worry we have is that the content could be trawled and copied by some automated bot. 
&nbsp; Can the ASM determine that something illegitimate (which would generally be anything not googlebot, yahoo, msn etc) is crawling our site based on rate, maybe using url +1 type logic that could stop this activity occurring (even if a botnet is used or spoofed ip / proxy etc) without harming legitimate traffic. 
&nbsp;  
&nbsp; Secondly as we want to use the web accelerator product so may have to go without the ASM for a while until version 10 is released is there functionality in the LTM that can prevent this some type of iRule or class profile. 
&nbsp;  
&nbsp; Sorry maybe this info is out there already I had a quick search on the forum and a read through the ASM config guide but didn't come across anything. 
&nbsp; Thanks 
&nbsp;

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; I don't know of any DOS protection at the HTTP layer in ASM.  If you can map out the logic for how to determine one or more clients is attacking the application, you could potentially write an iRule to detect and protect against the attack.  I'm not sure how easy it would be to detect a distributed DOS attack though.  Logically what are you thinking you'd like to look for? 
&nbsp;  
&nbsp; This might be a good request for enhancement.  If you want F5 to consider adding this type of functionality, you could open a case with F5 Support requesting it. 
&nbsp;  
&nbsp; Aaron

don_22992 · Answer

Don't many of those bots show up as unique agents in the header? I suspect that information could be used to block such undesirable browsing.

zafer · Answer

Hi hoolio, 
&nbsp;  
&nbsp; i think ASM need integration with some irule features like request throlling. 
&nbsp; the other vendors automaticly implement their product transparently and protect these type attack and no hard configuration, 
&nbsp; the customers request these type product in my region, 
&nbsp; if the asm integrate anomaly based attack for detection some request and automatic blocking 
&nbsp;  
&nbsp; it will be great 
&nbsp;  
&nbsp; zafer &nbsp;

hooleylist · Answer

Hi Zafer, 
&nbsp;  
&nbsp; Those are valid suggestions that I'm sure F5's ASM product management would like to hear.  to make this request formally, you can open a case with F5 Support and provide as much detail as possible on what improvements you'd like to see in ASM and examples of competitive product features. 
&nbsp;  
&nbsp; Aaron

strongarm_46960 · Answer

You could probably write an iRule to display a CAPTCHA file every 15 minutes to the HTTP originator whenever requests reaches 50 request per second from a particular IP address, users coming from proxies will just have to complete a simple form. if the form is not filled the request gets 30x redirected  &gt; /dev/null

Forum Discussion

Prevent Data Mining ASM and LTM

8 Replies

Recent Discussions

Reverse Proxy Not Behaving

Stable Firmware for F5

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

BigIP Next - Health Monitors / Template

Related Content

Mining JavaScript Events for Fun & (Preventing Someone Else’s) Profit

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

Re: Prevention of OWASP API Security API3:2019 Excessive Data Exposure using F5 XC

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

SSL Orchestrator Advanced Use Cases: Integrating F5 Intrusion Prevention System (IPS)