AWAF v17.1 Bot Defense Rate-Limiting REST API Configuration Guide
2023-10-24 16:36:54
Will Tang
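AWAF's Bot Defense feature can apply fine-grained rate limiting to individual microservices. The configuration path and page in the GUI are as follows:
Create a new Microservice; you can define the service's host and URI, as well as the access rate to enforce and the limit time (per client).
The API endpoint for this configuration is: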
/mgmt/tm/security/bot-defense/profile/~Common~bot_quanzhi/micro-services
The highlighted part (~Common~bot_quanzhi) is Partition + ProfileName.
Use the GET method to list all Microservices currently defined.
Use the POST method to add a Microservice. An example payload:
{
  "name": "goodsList",
  "action": "block",
  "browserMitigationAction": "block",
  "detectionThreshold": 5,
  "detectionTime": 60,
  "enforcementMode": "blocking",
  "hostname": "*",
  "matchOrder": 1,
  "mitigationTime": 60,
  "type": "/Common/Custom Microservice Protection",
  "urls": [
    {
      "matchOrder": 1,
      "name": "url_goodsList",
      "url": "/goodsList*"
    }
  ],
  "classOverrides": [
    {
      "name": "Malicious Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Trusted Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Unknown",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Untrusted Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    }
  ]
}
Explanation (apart from the parameters highlighted in red in the original, keep the rest of the template unchanged):
{
  "name": "goodsList",                    # Microservice name
  "action": "block",
  "browserMitigationAction": "block",     # action taken once over-limit access is detected: block
  "detectionThreshold": 5,                # number of requests each client is allowed within the detection period
  "detectionTime": 60,                    # detection period, in seconds
  "enforcementMode": "blocking",
  "hostname": "*",                        # hostname
  "matchOrder": 1,                        # match order, required; entering 1 puts each newly added entry at the top
  "mitigationTime": 60,                   # how long an over-limit client is blocked, in seconds
  "type": "/Common/Custom Microservice Protection",
  "urls": [
    {
      "matchOrder": 1,
      "name": "url_goodsList",
      "url": "/goodsList*"
    }
  ],
  "classOverrides": [
    {
      "name": "Malicious Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Trusted Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Unknown",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    },
    {
      "name": "Untrusted Bot",
      "mitigation": {
        "action": "none"
      },
      "verification": {
        "action": "none"
      }
    }
  ]
}
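Use the DELETE method to delete a Microservice.
Use the PATCH method to modify a Microservice's configuration.
If the protection policy stays the same and you only need to add URLs to protect, operate on the urls resource under an already defined Microservice. The API endpoint is: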
/mgmt/tm/security/bot-defense/profile/~Common~bot_quanzhi/micro-services/goodsList/urls
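Use the POST method to add a URL entry.
Note that matchOrder must be unique here; unlike for the Microservices above, you cannot keep writing 1.
Likewise, use the PATCH method to modify, the DELETE method to delete, and the GET method to query.
Bot Defense configuration changes made through the API take effect immediately; no Apply is needed.
Once configured, a client that exceeds the limit when accessing the microservice is blocked for a period of time.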
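The unique-matchOrder rule for the urls resource can be enforced before the POST is sent. The following is an added example, not code from the original article or from F5: it builds the request for a new URL entry and picks a matchOrder that no existing entry uses. The host bigip.example, the entry url_goodsDetail with /goodsDetail*, and the assumption that existing entries come from the "items" list of a prior GET are all illustrative; authentication headers are left to the caller.

```python
import json
import urllib.request
from urllib.parse import quote


def urls_endpoint(partition, profile, microservice):
    """Path of a Microservice's urls collection (profile is ~Partition~ProfileName)."""
    profile_ref = quote(f"~{partition}~{profile}", safe="~")
    return (f"/mgmt/tm/security/bot-defense/profile/{profile_ref}"
            f"/micro-services/{quote(microservice, safe='')}/urls")


def next_match_order(existing):
    """Lowest positive matchOrder not used by any existing URL entry."""
    used = {int(e["matchOrder"]) for e in existing if "matchOrder" in e}
    order = 1
    while order in used:
        order += 1
    return order


def build_add_url_request(base, partition, profile, microservice,
                          name, url, existing, match_order=None, headers=None):
    """Build (not send) the POST that adds one URL entry.

    existing: entries from a prior GET on the same endpoint (assumed "items" list).
    """
    if match_order is None:
        match_order = next_match_order(existing)
    elif any(int(e.get("matchOrder", 0)) == match_order for e in existing):
        raise ValueError(f"matchOrder {match_order} already used under {microservice}")
    body = {"name": name, "url": url, "matchOrder": match_order}
    return urllib.request.Request(
        base.rstrip("/") + urls_endpoint(partition, profile, microservice),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json", **(headers or {})},
    )


# Constructed sample: the urls list as it would look after the article's POST.
SAMPLE_EXISTING = [{"name": "url_goodsList", "matchOrder": 1, "url": "/goodsList*"}]

if __name__ == "__main__":
    req = build_add_url_request("https://bigip.example", "Common", "bot_quanzhi",
                                "goodsList", "url_goodsDetail", "/goodsDetail*",
                                SAMPLE_EXISTING)
    print(req.get_method(), req.full_url, req.data.decode())
```

The returned Request can be passed to urllib.request.urlopen once the caller has added credentials; certificate verification stays at the library default.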