Device Fingerprint Challenge for Edge Policies

Alternatively, open the Web Application Firewall page and click Policies under Resources.

The WAF Policies page appears.

All the WAF policies in that compartment are listed in tabular form.

• State

• Name

• Policy Type: Select Edge Policy.

The Details page of the edge policy you selected appears.

The Bot Management list appears.

The Device Fingerprint Challenge dialog box appears.

• Device Fingerprint Challenge Action section: Choose one of the following options:

  • Detect Only: Select this option if you want to be alerted for every matched request.

  • Block: Select this option to block requests by returning a response code, error page, or CAPTCHA.

    Complete the following:

    • Block Action: Select one of the following actions that is taken when a matching request is blocked.

      • Set Response Code:

        Complete the following:

        • Block response code: Select a status code to return in response to blocked requests.

      • Show Error Page:

        Complete the following:

        • Block response code: Select a status code to return in response to blocked requests.

        • Block error page message:: Enter the message that defines the error or error code.

        • Block error page description: Enter more details about the error, including the cause and further instructions.

        • Block Error Page Code: Enter the error code that is displayed with the error.

      • Show CAPTCHA:

        Complete the following:

        • CAPTCHA Title: Enter the text for the CAPTCHA page title.

        • CAPTCHA Header: Enter the text that appears before the CAPTCHA image (for example, "I am not a robot").

        • CAPTCHA Footer Text: Enter the text that will be shown after the CAPTCHA input box and before the submit button.

        • CAPTCHA submit button: Enter the text for the Submit button (for example, "Yes, I am human.").

        • Preview CAPTCHA: Click to view the CAPTCHA as users would see it. Click Edit CAPTCHA to return.

1. Complete the following information:

   • Action threshold (number of requests): Specify the number of failed requests before the action occurs. Because of the asynchronous request from the browser during page loading, it is recommended to set a threshold of 10 for web applications with basic Ajax usage, and 100 for apps with heavy Ajax usage.

   • Threshold expiry period (seconds): The number of seconds before the threshold expires.

   • Action expire time (seconds): Enter the number of seconds between challenges to the same IP address. Because of client IP address changes, it is recommended that the expiry time is set to 120 seconds for apps with mobile users and 3,600 seconds for apps with desktop users only.

   • Max address count (IP addresses): The maximum number of IP addresses that are added to the list before the specified action is taken.

   • Max address count expiration (seconds): The number of seconds an IP address is kept in the list before it is removed.

2. Click Save Changes.

Alternatively, open the Web Application Firewall page and click Policies under Resources.

The WAF Policies page appears.

All the WAF policies in that compartment are listed in tabular form.

• State

• Name

• Policy Type: Select Edge Policy.

The Details page of the edge policy you selected appears.

The Bot Management list appears.

The tab indicates whether the device fingerprint challenge is enabled or not.

The Edit Device Fingerprint Challenge dialog box appears.

See Enabling and Editing the Device Fingerprint Challenge for an Edge Policy for more information on these settings.