Configure the Bot Network Policy

Published April 5, 2023 | Last modified January 17, 2025

Important: Bot Defense Advanced Self-Service Policy Management is an Early Access feature.

When you configure Bot Defense Advanced as an inline solution where request traffic is routed from your network to the Bot Defense service, the Bot Network Policy provides routing information for traffic that Bot Defense determines to be legitimate human traffic and allows to continue to the origin server. You can configure the following routing types:

  • Configure Upstream Routing when you want to send all human traffic to the same origin based on fully-qualified domain name of the request.
  • Configure Manual Routing when you want to send human traffic to different origins depending on the inbound protocol and fully-qualified domain name of the request.

You must configure routing information for each application with an endpoint that is protected by Bot Defense Advanced.

Figure: Bot Network Policy

Figure: Bot Network Policy

Note: You can only edit the most recent version of the Bot Network Policy.

  1. From the Bot Defense navigation menu, click Manage > Bot Policies and then click Bot Network Policy.
  2. From the list of saved Bot Network Policies, in the Actions column, click the Action menu () next to the policy you want to configure. If you are configuring a Bot Network Policy for the first time, it is likely that you only have one saved policy version.
  3. Click Manage Configuration and then click Edit Configuration.
  4. Update the policy Description as necessary. Note that you cannot edit the policy name.
  5. To configure Upstream Routing, click Add New and enter the fully-qualified domain name (FQDN) of the origin where you want to send requests that Bot Defense determines to be human traffic. For example, enter www.internal.example.com.
  6. To configure Manual Routing, click Add Item and configure the following settings:
    1. In the Inbound Protocol field, select the protocol for requests that are routed to Bot Defense (HTTP or HTTPS).
    2. In the Inbound FQDN field, enter the hostname and domain name for requests that are routed to Bot Defense. For example, enter shop.example.com.
    3. In the Outbound Protocol field, select the protocol for requests that Bot Defense allows to continue to the origin (HTTP or HTTPS).
    4. In the Outbound FQDN/IP field, enter the host and domain name or the IP address where you want to send requests that Bot Defense allows to continue to the origin. For example, enter internal.example.com.
    5. In the Outbound Port field, enter the outbound port number for requests that Bot Defense allows to continue to the origin.
    6. When you finish, click Apply. To add additional manual routing information, click Add Item.
  7. When you finish making changes, click Review Changes.
  8. Choose one of the following options:
    • Save Final: You can deploy the saved policy version in your Bot infrastructure.
    • Save as Draft: You or another administrator can review and finalize this policy version later.

      Important: Other administrators can make changes that overwrite your saved draft. Before you deploy your policy update, review the policy settings to make sure they are correct.

Next Steps

When you finish configuring your Bot Network Policy version and are ready to deploy the version, see Deploy Policy Updates.

Important: F5 recommends that you first deploy and test new policy versions in your test environment to make sure the system behaves as you intended before you deploy in a production environment. For information, see Test Bot Defense Advanced.