Configure the Bot Network Policy

Published April 5, 2023 | Last modified February 2, 2026

Important: Bot Defense Self-Service Policy Management is an Early Access feature.

When you configure Bot Defense as an inline solution where request traffic is routed from your network to Bot Defense, the Bot Network Policy provides routing information for traffic that Bot Defense determines to be legitimate human traffic and allows to continue to the origin server. You can configure the following routing types:

  • Configure Upstream Routing when you want to send all human traffic to the same origin based on fully-qualified domain name of the request.
  • Configure Manual Routing when you want to send human traffic to different origins depending on the inbound protocol and fully-qualified domain name of the request.

You must configure routing information for each application with an endpoint that is protected by Bot Defense.

Figure: Bot Network Policy

Figure: Bot Network Policy

Note: You can only edit the most recent version of the Bot Network Policy.

To configure a Bot Network Policy:

  1. From the Bot Defense navigation menu, select Manage > Bot Policies and then select Bot Network Policy.
  2. From the list of saved Bot Network Policies, in the Actions column, select the Action menu () next to the policy you want to configure. If you are configuring a Bot Network Policy for the first time, it is likely that you only have one saved policy version.
  3. Select Manage Configuration and then select Edit Configuration.
  4. To configure Upstream Routing, select Add New and enter the fully-qualified domain name (FQDN) of the origin where you want to send requests that Bot Defense determines to be human traffic. For example, enter www.internal.example.com.
  5. To configure Manual Routing, select Add Item and configure the following settings:
    1. In the Inbound Protocol field, select the protocol for requests that are routed to Bot Defense (HTTP or HTTPS).
    2. In the Inbound FQDN field, enter the hostname and domain name for requests that are routed to Bot Defense. For example, enter shop.example.com.
    3. In the Outbound Protocol field, select the protocol for requests that Bot Defense allows to continue to the origin (HTTP or HTTPS).
    4. In the Outbound FQDN/IP field, enter the host and domain name or the IP address where you want to send requests that Bot Defense allows to continue to the origin. For example, enter internal.example.com.
    5. In the Outbound Port field, enter the outbound port number for requests that Bot Defense allows to continue to the origin.
    6. When you finish, select Apply. To add additional manual routing information, select Add Item.
  6. When you finish making changes, select Save Bot Network Policy.
  7. Choose one of the following options:
    • Save Final: You can deploy the saved policy version in your Bot infrastructure.
    • Save as Draft: You or another administrator can review and finalize this policy version later.

      Important: Other administrators can make changes that overwrite your saved draft. Before you deploy your policy update, review the policy settings to make sure they are correct.

Next Steps

When you finish configuring your Bot Network Policy version and are ready to deploy the version, see Deploy Policy Updates.

Important: F5 recommends that you first deploy and test new policy versions in your test environment to make sure the system behaves as you intended before you deploy in a production environment. For information, see Test Bot Defense.