Bug ID 746366: Legitimate user might get blocked by "bot defense" when using MacBook

Last Modified: Sep 14, 2023

Affected Product(s):
BIG-IP ASM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Opened: Oct 10, 2018

Severity: 3-Major

Symptoms

The "Rapid Mouse Clicks" anomaly is sometimes detected when browsing using a MacBook.

Impact

A legitimate user might be blocked.

Conditions

The Bot Defense feature is enabled and the user is browsing using a MacBook. Blocking happens only if the enforcement mode is "blocking" and the mitigation for the anomaly (or its class/category - "Malicious Bot"/"Browser Automation") is set to "Block".

Workaround

Raise the threshold of the anomaly:

1. In "Security ›› Bot Defense : Bot Defense Profiles ›› bot-defense -> Mitigation Settings", click "Add Exception".
2. Search for "Rapid Mouse Clicks", check it, and press "Add". A section titled "Rapid Mouse Clicks" will be added under "Mitigation Settings Exceptions".
3. Change the "Detect after" field to 5.

It is also possible to change the action to "Alarm" to ignore this anomaly completely.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips