This section describes the steps to enable Bot Management through CLI.

The following are the steps to configure Bot using the CLI:

Procedure

  1. Bind the Bot detection policy to the virtual service.
  2. Add HTTP security policy to take the action on the classified Bot. 
     [admin:ctrl]:> configure virtualservice Bot-VS
 [admin:ctrl]: virtualservice> bot_policy_ref System-BotDetectionPolicy
 [admin:ctrl]: virtualservice> save
  3. Add HTTP security policy to take the action on the classified Bot. 
    [admin:ctrl]: > configure httppolicyset Demo
 [admin:ctrl]: httppolicyset> http_security_policy 
 [admin:ctrl]: httppolicyset:http_security_policy> rules 
 New object being created                                      
 [admin:ctrl]: httppolicyset:http_security_policy:rules> name rule1
 [admin:ctrl]: httppolicyset:http_security_policy:rules> match 
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match>
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match> bot_detection_result match_operation is_in
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result> 
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result> classifications 
 New object being created
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result:classifications> type dangerous_bot 
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result:classifications> 
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result:classifications> save
 [admin:ctrl]: httppolicyset:http_security_policy:rules:match:bot_detection_result> save
 [admin:ctrl: httppolicyset:http_security_policy:rules:match> save
 [admin:ctrl]: httppolicyset:http_security_policy:rules> action
 [admin:ctrl]: httppolicyset:http_security_policy:rules:action> action http_security_action_close_conn 
 [admin:ctrl]: httppolicyset:http_security_policy:rules:action> save
 [admin:ctrl]: httppolicyset:http_security_policy:rules> save
 [admin:ctrl]: httppolicyset:http_security_policy> save
 [admin:ctrl]: httppolicyset> save
    Note:

    For each of the default objects in the system, the admin can supply their own logic that takes precedence.

    • System-BotConfigConsolidator - Custom consolidation script

    • System-BotMapping - Custom mapping

    • System-BotIPReputationTypeMapping - Custom mapping

    Creating the customized botdetectionpolicy, botmapping, botconfigconsolidator and so on is supported. However, if you need to custom any of these, you can contact the Support team. To learn about the support options available for you, visit the VMware Support Offerings and Services page.