```
Enter Bot Manager Policy id: 5
------------------------------------------------------------------
[Bot Manager Policy 5 Menu]
     name     - Set descriptive policy name
     sid      - Set the Subscriber ID of the protected entity
     sideband - Set sideband policy
     mode     - Set bot manager protection mode as active or report-only
     redirect - Redirect options for active mode Menu
     custom   - Custom Response for active menu
     sessid   - Set the Session ID variable
     userid   - Set the user identifier variable
     ipaddr   - Set the HTTP header indicating the IP address of the user
     jsinject - JS Injection script for improved detection Menu
     domaing  - Domain grouping
     filebyps - Set the static files extensions to bypass the processing
     apptype  - Set the application type as web or mobile
     appclass - Advanced Application Type Classifier Menu
     samesite - Set the bot manager cookies to be sent on requests from the same-site
     hdrfilt  - Set headers filter when allhdrs is enabled
     hostname - Set the hostname for the Bot Manager endpoint communication
     hdrlist  - Set a list of header names to include/exclude when allhdrs is enabled
     scookie  - Enable/Disable secure cookies
     allhdrs  - Enable/Disable collecting request headers for advanced detection
     trkevent - Enable/Disable tracking of events from Mobile Apps
     ena      - Enable Bot Manager policy
     dis      - Disable Bot Manager policy
     del      - Delete Bot Manager Policy
     cur      - Display current Bot Manager policy configuration
```

Command Syntax and Usage | |
---|---|
name [<"policy name">|none] | |
An optional description of the Bot Manager policy. Maximum characters: 128 | |
sid | |
The ID in UUID format that identifies the application in the Bot Manager endpoint. Copy the Production ID from the Bot Manager portal and paste it here. To access the subscriber ID, go to the Bot Manager portal and select Integration > Subscriber ID Details. | |
sideband | |
The ID of the policy that forms the connection between Alteon and the Bot Manager endpoint. To add or edit a sideband policy, see Configuring the Sideband Connection. | |
mode [active|report] | |
The operational mode of the Bot Manager policy. Values: active, report. Default: report | |
redirect | |
This menu is relevant only when the mode parameter is set to active. Displays the Redirect Bot Manager Policy menu. To view this menu, see /cfg/security/botmng/botmng/redirect Redirect Bot Manager Policy Menu. | |
custom | |
This menu is relevant only when the mode parameter is set to active. Displays the Custom Response menu. To view this menu, see /cfg/security/botmng/botmng/custom Custom Response Menu. | |
sessid [cookie|header|query|none] | |
Specifies where the session ID is taken from. Default: none. When the value is changed from none, the session identifier variable option displays. Enter the key name of the session ID there. | |
userid [cookie|header|query|none] | |
Specifies where the user ID is taken from. Default: none. When the value is changed from none, the user identifier variable option displays. Enter there the key name of the cookie, header, or query value that carries the user ID (case-sensitive). Note: Once you configure this flag, the user ID value is hashed using SHA-1 before it is added to the message sent to the Bot Manager endpoint (the user ID is never sent in cleartext). | |
ipaddr remote-addr x-forwarded-for http_client_ip http_x_forwarded_for x-real-ip http_x_forwarded proxy-client-ip wl-proxy-client-ip http_x_cluster_client_ip http_forwarded_for http_forwarded http_via x-true-client-ip user-defined | |
Select from the drop-down list the name of the header in the client request that contains the true source IP address of the client (as opposed to the IP address of the last proxy that forwarded the request to Alteon). For an IP header that does not appear in the drop-down list, select "user-defined" and specify the required IP header (case-insensitive). | |
jsinject | |
Displays the Redirect JS Injection script menu. To view this menu, see /cfg/security/botmng/botmng/jsinject JS Injection script Menu. | |
domaing | |
Specifies the domain to be used in the set-cookie operation. As part of the integration, Alteon inserts a "set-cookie" header into the client response, so the user agent can send the cookie back to the server on future requests (Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>). When domain grouping is left empty (default), the domain in the set-cookie header is set to the same domain received in the request. This is required when the virtual service manages unrelated domains, for example abc.com, xzy.com, and cfg.com. When domain grouping is set to a specific domain (mainly the root domain), the domain in the set-cookie header is set to the defined domain. This is required when the virtual service manages sub-domains that are related to each other, such as api.abc.com, mobile.abc.com, news.abc.com, and auth.abc.com. In this example, the domain grouping value should be set to abc.com. | |
filebyps png|jpg|css|js|jpeg|gif|ico|ttf|svg|xml|woff|woff2|ashx|asmx|svc|swf|otf|eot | |
The list of extensions of static file types for which Alteon allows client requests to reach the server without inspection. The entries in the list must be separated by a pipe (|) with no space between entries. The file type values are case-sensitive. | |
apptype [web|mobile] | |
The type of application that Alteon protects. Values: Mobile Application, Web Application. Default: web | |
appclass | |
Displays the Advanced Application Type Classifier menu. To view this menu, see /cfg/security/botmng/botmng/appclass Advanced Application Type Classifier Menu. | |
samesite [lax|strict|none] | |
As part of the integration, Alteon inserts a "set-cookie" header into the client response so the client can send this cookie back to the server on future requests. One of the set-cookie attributes is called SameSite (Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; SameSite=<samesite value>). The SameSite cookie attribute lets you declare whether your cookie is restricted to a same-site (first-party) context or can also be used in a cross-site (third-party) context. Cookies that match the domain of the current site (that is, the domain displayed in the browser's address bar) are referred to as first-party cookies. Similarly, cookies from domains other than the current site are referred to as third-party cookies. This parameter sets the SameSite attribute for the Bot Manager cookies. Values: lax, strict, none. Default: lax | |
hdrfiltr [none|exclude|include] | |
Specifies whether headers are excluded from or included in the data sent to the Bot Manager endpoint when allhdrs is enabled. Values: none, exclude, include. Default: none | |
hostname | |
Sets the hostname for the Bot Manager endpoint communication. Default: scus.shieldsquare.net. Note: Update this parameter when your security policy verifies that the hostname specified in the transaction matches the destination IP of the Bot Manager endpoint. | |
hdrlist <256 character header names list> | |
Sets a list of headers to include or exclude when allhdrs is enabled and hdrfiltr is set to a value other than none. The names must be separated by a pipe (|) with no space between header names. The following special characters are not supported: quotation mark ("), ampersand (&), colon (:), and backslash (\). | |
scookie [disabled|enabled] | |
Specifies whether Alteon sets the cookie with the Secure attribute, which limits the scope of the cookie to secure channels. Default: disabled | |
allhdrs [disabled|enabled] | |
When enabled, Alteon collects and sends all the request headers to the Bot Manager endpoint to allow advanced detection of bots. Note: Contact Bot Manager support before enabling this option. Values: enabled, disabled. Default: disabled. Note: To include or exclude specific headers, use hdrfiltr and hdrlist. | |
trkevent [d|e] | |
Enables or disables tracking of events from mobile apps. Default: enabled | |
ena | |
Enables the current Bot Manager policy. | |
dis | |
Disables the current Bot Manager policy. | |
del | |
Deletes the current Bot Manager policy. | |
cur | |
Displays the current Bot Manager policy configuration. |
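
The following added example (not Alteon or Radware code) models how the domaing, samesite and scookie settings described above combine into the Set-Cookie header, and flags two combinations a browser will not honour. The cookie name, cookie value and function names are hypothetical; the attribute order is an assumption.

```python
# Added example: models the Set-Cookie header described for domaing, samesite and scookie.
# Cookie name/value and function names are hypothetical, not Alteon identifiers.

def build_set_cookie(request_host, domaing="", samesite="lax", scookie="disabled",
                     name="bm_cookie", value="constructed-value"):
    """Return the Set-Cookie header value the policy settings would produce."""
    if samesite not in ("lax", "strict", "none"):
        raise ValueError("samesite must be lax, strict or none")
    if scookie not in ("enabled", "disabled"):
        raise ValueError("scookie must be enabled or disabled")
    # Empty domain grouping (default): reuse the domain received in the request.
    domain = domaing or request_host
    parts = [f"{name}={value}", f"Domain={domain}", f"SameSite={samesite}"]
    if scookie == "enabled":
        parts.append("Secure")
    return "; ".join(parts)


def lint_cookie_settings(request_host, domaing="", samesite="lax", scookie="disabled"):
    """Return warnings for settings that make browsers drop the cookie."""
    warnings = []
    host = request_host.lower().rstrip(".")
    dom = domaing.lower().lstrip(".")
    # RFC 6265 domain-match: Domain must equal the request host or be a parent of it.
    if dom and host != dom and not host.endswith("." + dom):
        warnings.append(f"domaing {dom} does not cover host {host}")
    # Current browsers reject SameSite=None cookies that lack the Secure attribute.
    if samesite == "none" and scookie == "disabled":
        warnings.append("samesite none requires scookie enabled")
    return warnings


if __name__ == "__main__":
    # Constructed hosts taken from the domain grouping description above.
    for host, dom in (("api.abc.com", "abc.com"), ("xzy.com", ""), ("xzy.com", "abc.com")):
        print(host, "->", build_set_cookie(host, domaing=dom))
        print("   warnings:", lint_cookie_settings(host, domaing=dom))
```
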