Skip to content

bot-profile

The following operations can be performed on "bot-profile":

unbind| bind| show| add| set| stat| unset| rm|

unbind bot profile

Unbind the specified bot detection mechanism to the specified profile.

Synopsis

unbind bot profile ((-blackList -value ) | (-whiteList -value ) | (-rateLimit -type [-url ] [-cookieName ]) | (-ipReputation -category ) | (-captchaResource -url ) | (-tps -type ) | (-trapInsertionURL -url ) | (-logExpression -name ) | (-KMDetectionExpr -name ))

Arguments

name Name for the profile. Must begin with a letter, number, or the underscore character (), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore () characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').

blackList Blacklist binding. Maximum 32 bindings can be configured per profile for Blacklist detection.

value Value of the bot black-list entry.

whiteList Whitelist binding. Maximum 32 bindings can be configured per profile for Whitelist detection.

value Value of bot white-list entry.

rateLimit Rate-limit binding. Maximum 30 bindings can be configured per profile for rate-limit detection. For SOURCE_IP type, only one binding can be configured, and for URL type, only one binding is allowed per URL, and for SESSION type, only one binding is allowed for a cookie name. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type Rate-limiting type Following rate-limiting types are allowed: SOURCE_IP - Rate-limiting based on the client IP. SESSION - Rate-limiting based on the configured cookie name. *URL - Rate-limiting based on the configured URL.

Possible values: SESSION, SOURCE_IP, URL

url URL for the resource based rate-limiting.

cookieName Cookie name which is used to identify the session for session rate-limiting.

ipReputation IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.

category IP Repuation category. Following IP Reuputation categories are allowed: IP_BASED - This category checks whether client IP is malicious or not. BOTNET - This category includes Botnet C&C channels, and infected zombie machines controlled by Bot master. SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities. SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack. DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection. REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points. PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud. PROXY - This category includes IP addresses providing proxy services. NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet. MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices.

Possible values: IP, BOTNETS, SPAM_SOURCES, SCANNERS, DOS, REPUTATION, PHISHING, PROXY, NETWORK, MOBILE_THREATS

captchaResource Captcha action binding. For each URL, only one binding is allowed. To update the values of an existing URL binding, user has to first unbind that binding, and then needs to bind the URL again with new values. Maximum 30 bindings can be configured per profile.

url URL for which the Captcha action, if configured under IP reputation, TPS or device fingerprint, need to be applied.

tps TPS binding. For each type only binding can be configured. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type Type of TPS binding.

Possible values: SOURCE_IP, GEOLOCATION, REQUEST_URL, Host

trapInsertionURL Bind the trap URL for the configured request URLs. Maximum 30 bindings can be configured per profile.

url Request URL regex pattern for which Trap URL is inserted.

logExpression Log expression binding.

name Name of the log expression object.

KMDetectionExpr Keyboard-mouse based detection binding. For each name, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, then needs to bind again with new vlaues. Maximum 30 bindings can be configured per profile.

name Name of the keyboard-mouse expression object.

bind bot profile

Bind the specified bot detection mechanism to the specified profile.

Synopsis

bind bot profile ((-blackList -type -value -action ... [-enabled ( ON | OFF )]) | (-whiteList -type -value [-log ( ON | OFF )] [-enabled ( ON | OFF )]) | (-rateLimit -type [-url ] [-cookieName ] -rate -timeSlice [-action ...] [-enabled ( ON | OFF )]) | (-ipReputation -category [-enabled ( ON | OFF )] [-action ...]) | (-captchaResource -url [-waitTime ] [-gracePeriod ] [-mutePeriod ] [-requestSizeLimit ] [-retryAttempts ] -action ... [-enabled ( ON | OFF )]) | (-tps -type [-threshold ] [-percentage ] [-action ...] [-enabled ( ON | OFF )]) | (-trapInsertionURL -url [-enabled ( ON | OFF )]) | (-logExpression -name -expression [-enabled ( ON | OFF )]) | (-KMDetectionExpr -name -expression [-enabled ( ON | OFF )])) [-logMessage ] [-comment ]

Arguments

name Name for the profile. Must begin with a letter, number, or the underscore character (), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore () characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').

blackList Blacklist binding. Maximum 32 bindings can be configured per profile for Blacklist detection.

type Type of the black-list entry.

Possible values: IPv4, SUBNET, EXPRESSION

value Value of the bot black-list entry.

action One or more actions to be taken if bot is detected based on this Blacklist binding. Only LOG action can be combined with DROP or RESET action. Default value: NONE

enabled Enabled or disbaled black-list binding.

Possible values: ON, OFF Default value: OFF

whiteList Whitelist binding. Maximum 32 bindings can be configured per profile for Whitelist detection.

type Type of the white-list entry.

Possible values: IPv4, SUBNET, EXPRESSION

value Value of bot white-list entry.

log Enable logging for Whitelist binding.

Possible values: ON, OFF Default value: OFF

enabled Enabled or disabled white-list binding.

Possible values: ON, OFF Default value: OFF

rateLimit Rate-limit binding. Maximum 30 bindings can be configured per profile for rate-limit detection. For SOURCE_IP type, only one binding can be configured, and for URL type, only one binding is allowed per URL, and for SESSION type, only one binding is allowed for a cookie name. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type Rate-limiting type Following rate-limiting types are allowed: SOURCE_IP - Rate-limiting based on the client IP. SESSION - Rate-limiting based on the configured cookie name. *URL - Rate-limiting based on the configured URL.

Possible values: SESSION, SOURCE_IP, URL

url URL for the resource based rate-limiting.

cookieName Cookie name which is used to identify the session for session rate-limiting.

rate Maximum number of requests that are allowed in this session in the given period time. Default value: 1 Minimum value: 1

timeSlice Time interval during which requests are tracked to check if they cross the given rate. Default value: 1000 Minimum value: 10

action One or more actions to be taken when the current rate becomes more than the configured rate. Only LOG action can be combined with DROP, REDIRECT or RESET action. Default value: NONE

enabled Enable or disable rate-limit binding.

Possible values: ON, OFF Default value: OFF

ipReputation IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.

category IP Repuation category. Following IP Reuputation categories are allowed: IP_BASED - This category checks whether client IP is malicious or not. BOTNET - This category includes Botnet C&C channels, and infected zombie machines controlled by Bot master. SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities. SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack. DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection. REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points. PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud. PROXY - This category includes IP addresses providing proxy services. NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet. MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices.

Possible values: IP, BOTNETS, SPAM_SOURCES, SCANNERS, DOS, REPUTATION, PHISHING, PROXY, NETWORK, MOBILE_THREATS

enabled Enabled or disabled IP-repuation binding.

Possible values: ON, OFF Default value: OFF

action One or more actions to be taken if bot is detected based on this IP Reputation binding. Only LOG action can be combinded with DROP, RESET, REDIRECT or MITIGATION action. Default value: NONE

captchaResource Captcha action binding. For each URL, only one binding is allowed. To update the values of an existing URL binding, user has to first unbind that binding, and then needs to bind the URL again with new values. Maximum 30 bindings can be configured per profile.

url URL for which the Captcha action, if configured under IP reputation, TPS or device fingerprint, need to be applied.

waitTime Wait time in seconds for which ADC needs to wait for the Captcha response. This is to avoid DOS attacks. Default value: 15 Minimum value: 10 Maximum value: 60

gracePeriod Time (in seconds) duration for which no new captcha challenge is sent after current captcha challenge has been answered successfully. Default value: 900 Minimum value: 60 Maximum value: 900

mutePeriod Time (in seconds) duration for which client which failed captcha need to wait until allowed to try again. The requests from this client are silently dropped during the mute period. Default value: 300 Minimum value: 60 Maximum value: 900

requestSizeLimit Length of body request (in Bytes) up to (equal or less than) which captcha challenge will be provided to client. Above this length threshold the request will be dropped. This is to avoid DOS and DDOS attacks. Default value: 8000 Minimum value: 10 Maximum value: 30000

retryAttempts Number of times client can retry solving the captcha. Default value: 3 Minimum value: 1 Maximum value: 10

action One or more actions to be taken when client fails captcha challenge. Only, log action can be configured with DROP, REDIRECT or RESET action. Default value: NONE

enabled Enable or disable the captcha binding.

Possible values: ON, OFF Default value: OFF

tps TPS binding. For each type only binding can be configured. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type Type of TPS binding.

Possible values: SOURCE_IP, GEOLOCATION, REQUEST_URL, Host

threshold Maximum number of requests that are allowed from (or to) a IP, Geolocation, URL or Host in 1 second time interval. Minimum value: 1

percentage Maximum percentage increase in the requests from (or to) a IP, Geolocation, URL or Host in 30 minutes interval. Minimum value: 10

action One to more actions to be taken if bot is detected based on this TPS binding. Only LOG action can be combined with DROP, RESET, REDIRECT, or MITIGIATION action. Default value: NONE

enabled Enabled or disabled TPS binding.

Possible values: ON, OFF Default value: ON

trapInsertionURL Bind the trap URL for the configured request URLs. Maximum 30 bindings can be configured per profile.

url Request URL regex pattern for which Trap URL is inserted.

enabled Enable or disable the request URL pattern.

Possible values: ON, OFF Default value: OFF

logExpression Log expression binding.

name Name of the log expression object.

expression Expression whose result to be logged when violation happened on the bot profile.

enabled Enable or disable the log expression binding.

Possible values: ON, OFF Default value: OFF

KMDetectionExpr Keyboard-mouse based detection binding. For each name, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, then needs to bind again with new vlaues. Maximum 30 bindings can be configured per profile.

name Name of the keyboard-mouse expression object.

expression JavaScript file for keyboard-mouse detection, would be inserted if the result of the expression is true.

enabled Enable or disable the keyboard-mouse based binding.

Possible values: ON, OFF Default value: OFF

logMessage Message to be logged for this binding.

comment Any comments about this binding.

show bot profile

Displays details of the specified bot profile. If no profile is specified, displays a list of all bot profiles on the Citrix ADC.

Synopsis

show bot profile []

Arguments

name Name of the bot management profile.

Output

stateflag signature Name of object containing bot static signature details.

errorURL URL that Bot protection uses as the Error URL.

trapURL URL that Bot protection uses as the Trap URL.

comment Any comments about the purpose of profile, or other useful information about the profile.

builtin Flag to determine if bot profille is built-in or not

feature The feature to be checked while applying this config

whiteList Enable white-list bot detection.

blackList Enable black-list bot detection.

rateLimit Enable rate-limit bot detection.

deviceFingerprint Enable device-fingerprint bot detection

deviceFingerprintAction Action to be taken for device-fingerprint based bot detection.

ipReputation Enable IP-reputation bot detection.

trap Enable trap bot detection.

signatureNoUserAgentHeaderAction Actions to be taken if no User-Agent header in the request (Applicable if Signature check is enabled).

signatureMultipleUserAgentHeaderAction Actions to be taken if multiple User-Agent headers are seen in a request (Applicable if Signature check is enabled). Log action should be combined with other actions

trapAction Action to be taken for bot trap based bot detection.

tps Enable TPS.

blackList Blacklist binding. Maximum 32 bindings can be configured per profile for Blacklist detection.

whiteList Whitelist binding. Maximum 32 bindings can be configured per profile for Whitelist detection.

rateLimit Rate-limit binding. Maximum 30 bindings can be configured per profile for rate-limit detection. For SOURCE_IP type, only one binding can be configured, and for URL type, only one binding is allowed per URL, and for SESSION type, only one binding is allowed for a cookie name. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

ipReputation IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.

captchaResource Captcha action binding. For each URL, only one binding is allowed. To update the values of an existing URL binding, user has to first unbind that binding, and then needs to bind the URL again with new values. Maximum 30 bindings can be configured per profile.

tps TPS binding. For each type only binding can be configured. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type Type of the black-list entry.

type Type of the white-list entry.

enabled Enabled or disbaled black-list binding.

enabled Enabled or disabled white-list binding.

value Value of the bot black-list entry.

value Value of bot white-list entry.

action One or more actions to be taken if bot is detected based on this Blacklist binding. Only LOG action can be combined with DROP or RESET action.

type Type of TPS binding.

threshold Maximum number of requests that are allowed from (or to) a IP, Geolocation, URL or Host in 1 second time interval.

percentage Maximum percentage increase in the requests from (or to) a IP, Geolocation, URL or Host in 30 minutes interval.

action One to more actions to be taken if bot is detected based on this TPS binding. Only LOG action can be combined with DROP, RESET, REDIRECT, or MITIGIATION action.

enabled Enabled or disabled TPS binding.

category IP Repuation category. Following IP Reuputation categories are allowed: IP_BASED - This category checks whether client IP is malicious or not. BOTNET - This category includes Botnet C&C channels, and infected zombie machines controlled by Bot master. SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities. SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack. DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection. REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points. PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud. PROXY - This category includes IP addresses providing proxy services. NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet. MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices.

action One or more actions to be taken if bot is detected based on this IP Reputation binding. Only LOG action can be combinded with DROP, RESET, REDIRECT or MITIGATION action.

enabled Enabled or disabled IP-repuation binding.

type Rate-limiting type Following rate-limiting types are allowed: SOURCE_IP - Rate-limiting based on the client IP. SESSION - Rate-limiting based on the configured cookie name. *URL - Rate-limiting based on the configured URL.

url URL for the resource based rate-limiting.

cookieName Cookie name which is used to identify the session for session rate-limiting.

rate Maximum number of requests that are allowed in this session in the given period time.

timeSlice Time interval during which requests are tracked to check if they cross the given rate.

action One or more actions to be taken when the current rate becomes more than the configured rate. Only LOG action can be combined with DROP, REDIRECT or RESET action.

enabled Enable or disable rate-limit binding.

url URL for which the Captcha action, if configured under IP reputation, TPS or device fingerprint, need to be applied.

waitTime Wait time in seconds for which ADC needs to wait for the Captcha response. This is to avoid DOS attacks.

gracePeriod Time (in seconds) duration for which no new captcha challenge is sent after current captcha challenge has been answered successfully.

mutePeriod Time (in seconds) duration for which client which failed captcha need to wait until allowed to try again. The requests from this client are silently dropped during the mute period.

requestSizeLimit Length of body request (in Bytes) up to (equal or less than) which captcha challenge will be provided to client. Above this length threshold the request will be dropped. This is to avoid DOS and DDOS attacks.

retryAttempts Number of times client can retry solving the captcha.

action One or more actions to be taken when client fails captcha challenge. Only, log action can be configured with DROP, REDIRECT or RESET action.

enabled Enable or disable the captcha binding.

log Enable logging for Whitelist binding.

logMessage Message to be logged for this binding.

comment Any comments about this binding.

trapInsertionURL Bind the trap URL for the configured request URLs. Maximum 30 bindings can be configured per profile.

url Request URL regex pattern for which Trap URL is inserted.

enabled Enable or disable the request URL pattern.

deviceFingerprintMobile Enabling bot device fingerprint protection for mobile clients

logExpression Log expression binding.

name Name of the log expression object.

expression Expression whose result to be logged when violation happened on the bot profile.

enabled Enable or disable the log expression binding.

clientIpExpression Expression to get the client IP.

KMJavaScriptName Name of the JavaScript file that the Bot Management feature will insert in the response for keyboard-mouse based detection. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my javascript file name" or 'my javascript file name').

KMDetection Enable keyboard-mouse based bot detection.

KMDetectionExpr Keyboard-mouse based detection binding. For each name, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, then needs to bind again with new vlaues. Maximum 30 bindings can be configured per profile.

enabled Enable or disable the keyboard-mouse based binding.

name Name of the keyboard-mouse expression object.

expression JavaScript file for keyboard-mouse detection, would be inserted if the result of the expression is true.

KMEventsPostBodyLimit Size of the KM data send by the browser, needs to be processed on ADC

verboseLogLevel Bot verbose Logging. Based on the log level, ADC will log additional information whenever client is detected as a bot.

devno count

add bot profile

Creates bot profile, which has configuration options for bot management. (A profile is equivalent to an action in other Citrix ADC features.)

Synopsis

add bot profile [-signature ] [-errorURL ] [-trapURL ] [-comment ] [-whiteList ( ON | OFF )] [-blackList ( ON | OFF )] [-rateLimit ( ON | OFF )] [-deviceFingerprint ( ON | OFF )] [-deviceFingerprintAction ...] [-ipReputation ( ON | OFF )] [-trap ( ON | OFF )] [-trapAction ...] [-signatureNoUserAgentHeaderAction ...] [-signatureMultipleUserAgentHeaderAction ...] [-tps ( ON | OFF )] [-deviceFingerprintMobile ...] [-clientIpExpression ] [-KMJavaScriptName ] [-KMDetection ( ON | OFF )] [-KMEventsPostBodyLimit ] [-verboseLogLevel ( NONE | HTTP_FULL_HEADER )]

Arguments

name Name for the profile. Must begin with a letter, number, or the underscore character (), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore () characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').

signature Name of object containing bot static signature details.

errorURL URL that Bot protection uses as the Error URL. Default value: NS_S_BOT_DEFAULT_ERRORURL

trapURL URL that Bot protection uses as the Trap URL. Default value: NS_S_BOT_DEFAULT_TRAPURL

comment Any comments about the purpose of profile, or other useful information about the profile. Default value: NS_S_BOT_DEFAULT_PROFILE_COMMENTS

whiteList Enable white-list bot detection.

Possible values: ON, OFF Default value: OFF

blackList Enable black-list bot detection.

Possible values: ON, OFF Default value: OFF

rateLimit Enable rate-limit bot detection.

Possible values: ON, OFF Default value: OFF

deviceFingerprint Enable device-fingerprint bot detection

Possible values: ON, OFF Default value: OFF

deviceFingerprintAction Action to be taken for device-fingerprint based bot detection. Default value: NONE

ipReputation Enable IP-reputation bot detection.

Possible values: ON, OFF Default value: OFF

trap Enable trap bot detection.

Possible values: ON, OFF Default value: OFF

trapAction Action to be taken for bot trap based bot detection. Default value: NONE

signatureNoUserAgentHeaderAction Actions to be taken if no User-Agent header in the request (Applicable if Signature check is enabled). Default value: DROP

signatureMultipleUserAgentHeaderAction Actions to be taken if multiple User-Agent headers are seen in a request (Applicable if Signature check is enabled). Log action should be combined with other actions Default value: CHECKLAST

tps Enable TPS.

Possible values: ON, OFF Default value: OFF

deviceFingerprintMobile Enabling bot device fingerprint protection for mobile clients Default value: NONE

clientIpExpression Expression to get the client IP.

KMJavaScriptName Name of the JavaScript file that the Bot Management feature will insert in the response for keyboard-mouse based detection. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my javascript file name" or 'my javascript file name'). Default value: NS_S_BOT_DEFAULT_KM_JS_NAME

KMDetection Enable keyboard-mouse based bot detection.

Possible values: ON, OFF Default value: OFF

KMEventsPostBodyLimit Size of the KM data send by the browser, needs to be processed on ADC Default value: NS_BOT_DEFAULT_KM_POST_BODY_LIMIT Minimum value: 1 Maximum value: 204800

verboseLogLevel Bot verbose Logging. Based on the log level, ADC will log additional information whenever client is detected as a bot.

Possible values: NONE, HTTP_FULL_HEADER Default value: NONE

set bot profile

Set the bot profile parameters

Synopsis

set bot profile [-signature ] [-errorURL ] [-trapURL ] [-comment ] [-whiteList ( ON | OFF )] [-blackList ( ON | OFF )] [-rateLimit ( ON | OFF )] [-deviceFingerprint ( ON | OFF )] [-deviceFingerprintAction ...] [-ipReputation ( ON | OFF )] [-trap ( ON | OFF )] [-signatureNoUserAgentHeaderAction ...] [-signatureMultipleUserAgentHeaderAction ...] [-trapAction ...] [-tps ( ON | OFF )] [-deviceFingerprintMobile ...] [-clientIpExpression ] [-KMJavaScriptName ] [-KMDetection ( ON | OFF )] [-KMEventsPostBodyLimit ] [-verboseLogLevel ( NONE | HTTP_FULL_HEADER )]

Arguments

name Name for the profile. Must begin with a letter, number, or the underscore character (), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore () characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my profile" or 'my profile').

signature Name of object containing bot static signature details.

errorURL URL that Bot protection uses as the Error URL. Default value: NS_S_BOT_DEFAULT_ERRORURL

trapURL URL that Bot protection uses as the Trap URL. Default value: NS_S_BOT_DEFAULT_TRAPURL

comment Any comments about the purpose of profile, or other useful information about the profile. Default value: NS_S_BOT_DEFAULT_PROFILE_COMMENTS

whiteList Enable white-list bot detection.

Possible values: ON, OFF Default value: OFF

blackList Enable black-list bot detection.

Possible values: ON, OFF Default value: OFF

rateLimit Enable rate-limit bot detection.

Possible values: ON, OFF Default value: OFF

deviceFingerprint Enable device-fingerprint bot detection

Possible values: ON, OFF Default value: OFF

deviceFingerprintAction Action to be taken for device-fingerprint based bot detection. Default value: NONE

ipReputation Enable IP-reputation bot detection.

Possible values: ON, OFF Default value: OFF

trap Enable trap bot detection.

Possible values: ON, OFF Default value: OFF

signatureNoUserAgentHeaderAction Actions to be taken if no User-Agent header in the request (Applicable if Signature check is enabled). Default value: DROP

signatureMultipleUserAgentHeaderAction Actions to be taken if multiple User-Agent headers are seen in a request (Applicable if Signature check is enabled). Log action should be combined with other actions Default value: CHECKLAST

trapAction Action to be taken for bot trap based bot detection. Default value: NONE

tps Enable TPS.

Possible values: ON, OFF Default value: OFF

deviceFingerprintMobile Enabling bot device fingerprint protection for mobile clients Default value: NONE

clientIpExpression Expression to get the client IP.

KMJavaScriptName Name of the JavaScript file that the Bot Management feature will insert in the response for keyboard-mouse based detection. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters.

The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my javascript file name" or 'my javascript file name'). Default value: NS_S_BOT_DEFAULT_KM_JS_NAME

KMDetection Enable keyboard-mouse based bot detection.

Possible values: ON, OFF Default value: OFF

KMEventsPostBodyLimit Size of the KM data send by the browser, needs to be processed on ADC Default value: NS_BOT_DEFAULT_KM_POST_BODY_LIMIT Minimum value: 1 Maximum value: 204800

verboseLogLevel Bot verbose Logging. Based on the log level, ADC will log additional information whenever client is detected as a bot.

Possible values: NONE, HTTP_FULL_HEADER Default value: NONE

stat bot profile

Displays statistics for the specified bot profile. If no profile is specified, displays abbreviated statistics for all the profiles.

Synopsis

stat bot profile [] [-detail] [-fullValues] [-ntimes ] [-logFile ] [-clearstats ( basic | full )]

Arguments

name Name of the bot profile.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

count devno stateflag

Counters

requests (reqs) HTTP/HTTPS requests sent to your protected web servers via the Bot profile.

Request Bytes (reqBytes) Number of bytes transfered for requests

responses (resps) HTTP/HTTPS responses sent by your protected web servers via the Bot profile.

Response Bytes (resBytes) Number of bytes transfered for responses

total logs profile (botLogProfile) Total number of logs by the Bot profile.

total drop profile (botDropProfile) Total number of drops by the Bot profile.

total redirect profile (botRedirectProfile) Total number of redirects by the Bot profile.

total reset profile (botResetProfile) Total number of resets by the Bot profile.

Device Fingerprint (deviceFingerPrintProfile) Number of device fingerprint violations seen by the Bot profile.

Device Fingerprint Logs (deviceFingerPrintLogProfile) Number of device fingerprint violations logged by the Bot profile.

Device Fingerprint Drop (deviceFingerPrintDropProfile) Number of device fingerprint violations dropped by the Bot profile.

Device Fingerprint Redirect (deviceFingerPrintRedirectProfile) Number of device fingerprint violations requests redirected by the Bot profile to a different Web page or web server.

Device Fingerprint Captcha (deviceFingerPrintCaptchaProfile) Number of device fingerprint violation requests for which CAPTCHA challenge was sent due to Bot profile.

Device Fingerprint Reset (deviceFingerPrintResetProfile) Number of device fingerprint violations reset by the Bot profile.

IP Reputation (ipRepProfile) Number of ip reputation violations seen by the Bot profile.

IP Reputation Logs (ipRepLogProfile) Number of ip reputation violations logged by the Bot Profile.

IP Reputation Drop (ipRepDropProfile) Number of ip reputation violations dropped by the Bot profile.

IP Reputation Redirect (ipRepRedirectProfile) Number of ip reputation violations requests redirected by the Bot profile to a different Web page or web server.

IP Reputation Captcha (ipRepCaptchaProfile) Number of ip reputation violation requests for which CAPTCHA challenge was sent due to Bot profile.

IP Reputation Reset (ipRepResetProfile) Number of ip reputation violations reset by the Bot profile.

White List (whiteListProfile) Number of white list violations seen by the Bot profile.

White List Logs (whiteListLogProfile) Number of white list violations logged by the Bot profile.

Black List (blackListProfile) Number of black list violations seen by the Bot profile.

Black List Logs (blackListLogProfile) Number of black list violations logged by the Bot profile.

Black List Drop (blackListDropProfile) Number of black list violations dropped by the Bot profile.

Black List Reset (blackListResetProfile) Number of black list violations reset by the Bot profile.

Black List Redirect (blackListRedirectProfile) Number of black list violations redirected by the Bot profile to a different Web page or web server.

Rate Limit (rateLimitProfile) Number of rate limiting violations seen by the Bot profile.

Rate Limit Logs (rateLimitLogProfile) Number of rate limiting violations logged by the Bot profile.

Rate Limit Drop (rateLimitDropProfile) Number of rate limiting violations dropped by the Bot profile.

Rate Limit Redirect (rateLimitRedirectProfile) Number of rate limiting violations requests redirected by the Bot profile to a different Web page or web server.

Rate Limit Reset (rateLimitResetProfile) Number of rate limiting violations reset by the Bot profile.

Static Signature (staticSignnatureProfile) Number of static signatutre violations seen by the Bot profile.

Static Signature Logs (staticSignnatureLogProfile) Number of static signatutre violations logged by the Bot profile.

Static Signature Drop (staticSignnatureDropProfile) Number of static signatutre violations dropped by the Bot profile.

Static Signature Redirect (staticSignnatureRedirectProfile) Number of static signatutre violations redirected by the Bot profile to a different Web page or web server.

Static Signature Reset (staticSignnatureResetProfile) Number of static signatutre violations reset by the Bot profile to a different Web page or web server.

TPS (tpsProfile) Number of tps violations seen by the Bot profile.

Tps Logs (tpsLogProfile) Number of tps violations logged by the Bot profile.

Tps Drop (tpsDropProfile) Number of tps violations dropped by the Bot profile.

Tps Redirect (tpsRedirectProfile) Number of tps violations requests redirected by the Bot profile to a different Web page or web server.

Tps Reset (tpsResetProfile) Number of tps violations reset by the Bot profile.

Tps Captcha (tpsCaptchaProfile) Number of tps violation requests for which CAPTCHA challenge was sent due to Bot profile.

Captcha (captchaProfile) Number of Captcha challenge failures seen by the Bot profile.

Captcha Log (captchaLogProfile) Number of Captcha challenge failures logged by the Bot profile.

Captcha Drop (captchaDropProfile) Number of Captcha challenge failures dropped by the Bot profile.

Captcha Redirect (captchaRedirectProfile) Number of Captcha challenge failures redirected by the Bot profile.

Captcha Reset (captchaResetProfile) Number of Captcha challenge failures reset by the Bot profile.

Trap (trapProfile) Number of trap violations seen by the Bot profile.

Trap Logs (trapLogProfile) Number of trap violations logged by the Bot profile.

Trap Drop (trapDropProfile) Number of trap violations dropped by the Bot profile.

Trap Redirect (trapRedirectProfile) Number of trap violations requests redirected by the Bot profile to a different Web page or web server.

Trap Reset (trapResetProfile) Number of trap violations reset by the Bot profile.

Example

stat bot profile

unset bot profile

Use this command to remove bot profile settings.Refer to the set bot profile command for meanings of the arguments.

Synopsis

unset bot profile [-signature] [-errorURL] [-trapURL] [-comment] [-whiteList] [-blackList] [-rateLimit] [-deviceFingerprint] [-deviceFingerprintAction] [-ipReputation] [-trap] [-signatureNoUserAgentHeaderAction] [-signatureMultipleUserAgentHeaderAction] [-trapAction] [-tps] [-deviceFingerprintMobile] [-clientIpExpression] [-KMJavaScriptName] [-KMDetection] [-KMEventsPostBodyLimit] [-verboseLogLevel]

rm bot profile

Removes the specified bot management profile.

Synopsis

rm bot profile

Arguments

name Name of the profile.

Was this article helpful?