Bug ID 746366: Legitimate user might get blocked by "bot defense" when using MacBook

Last Modified: Mar 02, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2

Opened: Oct 10, 2018
Severity: 3-Major

Symptoms

Anomaly "Rapid Mouse Clicks" is sometimes detected when browsing using MacBook.

Impact

A legitimate user might be blocked.

Conditions

Enabling Bot Defense feature, and browsing using MacBook. Blocking will happen only if enforcement mode is "blocking" and the mitigation for the anomaly (or its class/category - "Malicious Bot"/"Browser Automation") is set to "Block".

Workaround

Raising the threshold of the anomaly: 1. In "Security ›› Bot Defense : Bot Defense Profiles ›› bot-defense -> Mitigation Settings" click on "Add Exception". 2. Search for "Rapid Mouse Clicks", check it and press "Add". A section will be added under "Mitigation Settings Exceptions", with the title "Rapid Mouse Clicks". 3. Change field "Detect after" to 5. It is possible to change the action to "Alarm" as well to ignore this anomaly completely.

Fix Information

None

Behavior Change