Manage Bot Defense Advanced
Important: Bot Defense Advanced Self-Service Policy Management is an Early Access feature.
As your IT infrastructure evolves, it might be necessary to make changes to your Bot Defense configuration, for example, to protect a new endpoint, add a new IP address to the allow list or to revert to a previous policy version.
The following sections provide information about how to view and update Bot policies, and how to view your Bot infrastructure. To make changes to your Bot infrastructure, contact the F5 Operations team.
Manage Your Bot Infrastructure
The following information explains how to view your current Bot infrastructure, including a list of clusters, configuration details and the status of each.
Important: To make changes to your Bot Infrastructure, contact your F5 Operations team.
View Deployed Bot Infrastructure
To view your deployed Bot infrastructure, from the Bot Defense navigation menu, click Manage > Bot Infrastructure. If necessary, use Search to find the Bot infrastructure you want to view.
The Bot Infrastructure page includes the following columns:
- Bot Infrastructure Name: A name to identify the infrastructure.
- Infra Traffic: The type of traffic that accesses that infrastructure.
- Region: The geographic region where the infrastructure is deployed.
- Endpoint Policy: The deployed Bot Endpoint policy name and version number.
- Network Policy: The deployed Bot Network policy name and version number.
- Allowlist Policy: The deployed Bot Allowlist policy name and version number.
You can perform the following additional tasks from the Bot Infrastructure page:
Show Bot Infrastructure Status
The following steps allow you to view the status of all your Bot infrastructures.
-
From the Bot Defense navigation menu, click Manage > Bot Infrastructure.
-
Click Refresh to retrieve the latest information about your Bot Infrastructure.
Figure: Refresh Status
-
In the Actions column on the Bot Infrastructure, click the Action menu (…) next to a Bot infrastructure.
-
Click Show Bot Infrastructure Status. The following information appears for each infrastructure:
-
Deployment Status: The status of the deployment process for that infrastructure. Either Success, In-Progress or Failed.
-
Policies: The name and version number of each policy deployed for that infrastructure.
-
Details: Information about the status of your infrastructure.
Figure: Bot Infrastructure Status
-
-
To exit, click anywhere outside of the Bot Infrastructure Status panel.
View Configuration Details
-
From the Bot Defense navigation menu, click Manage > Bot Infrastructure.
-
In the Actions column on the Bot Infrastructure, click the Action menu (…) next to a Bot Infrastructure.
-
Click View Configuration. The following information appears for the infrastructure you selected:
-
Name: The name of the Bot infrastructure.
-
Endpoint Policy: The deployed Bot Endpoint policy name, version number and traffic type (Web or Mobile).
-
Allowlist Policy: The deployed Bot Allowlist policy name and version number.
-
Network Policy: The deployed Bot Network policy name and version number.
-
Infrastructure Type:
- Environment Type: Whether this is a production or development environment.
- Traffic Type: The type of traffic that accesses the infrastructure (Web or Mobile).
- Infra Type: Whether this is a hosted on on-premises infrastructure.
- Infra Host Name: The host name of the infrastructure assigned by F5.
- Ingress: The Bot infrastructure cluster that your traffic enters to be evaluated by Bot Defense.
- Egress: The IP addresses through which traffic exits after being evaluated by Bot Defense.
-
Access Control List: The list of IP addresses added to the Allowlist Policy.
Figure: Configuration Details
-
-
To exit configuration details, click Cancel and Exit.
Manage Bot Policies
The Distributed Cloud Console lets you view and manage your currently deployed polices. For example, you can protect additional endpoints, change mitigation actions or update your routing information and then deploy new policy versions. You can also view previous policy versions. If you need help managing policies, contact your F5 Operations team.
Protect Additional Endpoints
After you initially deploy your Bot Endpoint Policy, as your IT environment evolves, it might be necessary to protect additional endpoints. To protect an additional endpoint, you must create a new version of the Bot Endpoint Policy.
- From the Bot Defense navigation menu, click Manage > Bot Policies and then click Bot Endpoint Policy.
- From the list of saved Bot Endpoint Policies, in the Actions column, click the Action menu (…) next to the most recent policy version.
- Click Manage Configuration and then click Edit Configuration.
- To add a new protected endpoint, in the Protected Endpoints section, click Add Item and then provide information about the endpoint. For information about specific configuration fields, see Configure the Bot Endpoint Policy.
- When you finish adding endpoints, click Apply and then click Review Changes.
- Choose one of the following options:
- Save Final: The policy version is saved and added to the list of policy versions that you can deploy in your Bot infrastructure.
- Save as Draft: You or another administrator can review and finalize this policy version later.
- To deploy your new policy version, see Deploy Policy Updates.
View Policy Version History and Details
You can view history and policy details for previous versions of each Bot Policy type.
- From the Bot Defense navigation menu, click Manage > Bot Policies and then click either Bot Endpoint Policy, Bot Allowlist Policy or Bot Network Policy.
- From the list of saved policy versions, in the Actions column, click the Action menu (…) next to the version you want to view and then click Endpoint Policy Versions, Allowlist Policy Versions or Network Policy Versions, depending on the type of policy you want to view.
- In the Policy Versions box, in the Actions column, click the Action menu (…) next to the version you want to view and click Manage Configuration to view details of a policy.
Download a Policy JSON File
For each of your individual policies, you can download a JSON file that contains the details of the policy.
To download the JSON file:
- From the Bot Defense navigation menu, click Manage > Bot Policies and then click either Bot Endpoint Policy, Bot Allowlist Policy or Bot Network Policy
- From the list of saved policies, in the Actions column, click the Action menu (…) and then click Policy Versions.
- From the list of saved policy versions, in the Actions column, click the Action menu (…) and then click Download JSON. The JSON file downloads to the download location configured in your browser.
- When the download completes, click outside the Policy Versions window to close the window.
Change Mitigation Actions
After you initially deploy your Bot Endpoint Policy, it might be necessary to change the mitigation actions you configured for your endpoints. For example, if you initially deployed your Bot Endpoint Policy with the mitigation action set to Continue
so traffic continues to the origin, when you decide to begin mitigating traffic, you might change the mitigation action to Redirect
or Block
so that automated traffic no longer reaches the origin.
-
From the Bot Defense navigation menu, click Manage > Bot Policies and then click Bot Endpoint Policy.
-
From the list of saved Bot Endpoint Policies, in the Actions column, click the Action menu (…) next to the most recent policy version.
-
Click Manage Configuration and then click Edit Configuration.
-
In the Action column, next to the protected endpoint you want to edit, click Edit.
Figure: Edit a Protected Endpoint
-
Scroll to Mitigation action and select a new mitigation action.
-
Click Apply and then click Review Changes.
-
Choose one of the following options:
- Save Final: The policy version is saved and added to the list of policy versions that you can deploy in your Bot infrastructure.
- Save as Draft: You or another administrator can review and finalize this policy version later.
-
To deploy a new policy version, see Deploy Policy Updates.
Revert to a Previous Policy Version
It might be necessary to revert to a previous policy version if a recent change has created an unintended consequence or if a change in your IT environment makes a previous policy more desirable.
When you revert to a previous policy version, the current version remains available in the system if you decide that it is necessary to return to that latest policy version.
Policy changes take effect immediately, so before you revert to a previous policy version, make sure you know what the results of the change are.
- From the Bot Defense navigation menu, click Manage > Bot Infrastructure.
- In the Actions column, next to the Bot Infrastructure where you want to revert a previous policy version, click the Action menu (...) and then click Deploy Infrastructure.
- For the policy you want to update, select the Policy Name and Deployment Version to which you want to revert.
- Select the checkbox to acknowledge that you understand that Bot Defense deploys policy changes immediately.
- Click Deploy. Then click Show Bot Infrastructure Status to view the deployment status for the Bot Infrastructure you updated.