After you have configured Biometrics Based Detection policies, you can select them in WAF profiles.
- You must have Read-Write permission for Security settings.
- Go to Web Application Firewall > Biometrics Based Detection.
- In the Biometrics Based Detection tab, click Create New to display the configuration editor.
- Configure the following Biometrics Based Detection settings:
Specify a name for the Biometrics Based Detection rule. Valid characters are
-. No spaces.
The configuration name cannot be edited once it has been saved.
Ignore JS Check
Monitor Client Events
Select one or more client events to monitor:
- Mouse Movement
- Screen Touch
By default, Mouse Movement, Click, and Keyboard are preselected. If the configuration is saved with no Monitor Client Events selected, it will default to the preselected client events.
Specify a WAF action object to apply when a bot is detected. See Configuring WAF Action objects.
The default action is alert.
Select the event severity to log when a bot is detected:
- High — Log as high severity events.
- Medium — Log as a medium severity events.
- Low — Log as low severity events.
The default is Low.
Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.
- Click Save.
Once the configuration is saved, the URL List becomes configurable. The Biometrics Based Detection policy will be applied to the request URLs in the URL List.
- Under the URL List section, click Create New to display the configuration editor.
- Configure the following URL List settings:
Host Status If enabled, require authorization only for the specified host. If disabled, ignore hostname in the HTTP request header and require authorization for requests with any Host header. Disabled by default. Host
The Host option is available if Host Status is enabled.
Specify the HTTP Host header. If Host Status is enabled, the policy matches only if the Host header matches this value. Complete, exact matching is required. For example,
Request URL The literal URL, such as
/index.php, or a regular expression, such as
^/*.phpthat the HTTP request must contain in order to match the rule. Multiple URLs are supported.
- Click Save.
Once the URL List configuration is saved, you are returned to the Biometrics Based Detection configuration editor.
- Click Save again to apply the newly created URL List configuration to the Biometrics Based Detection configuration.