getbotprofileResult Structure Definition

The getbotprofileResult structure defines the return type for getbotprofile API.

Syntax



Members

rc

If the method succeeds, rc is 0; otherwise rc > 0. Values above 0x8000 indicate warnings.

message

If the method succeeds, message is NULL; otherwise message contains the error or warning message.

botprofileList

List of botprofiles


botprofile Structure Definition

The botprofile structure defines the actual return type values for getbotprofile API.

Syntax



Members

name

Name of the bot management profile.

signature

Name of object containing bot static signature details.

errorurl

URL that Bot protection uses as the Error URL.

trapurl

URL that Bot protection uses as the Trap URL.

comment

Any comments about the purpose of profile, or other useful information about the profile.

builtin

Flag to determine if the bot profile is built-in or not.

whitelist

Enable white-list bot detection.

blacklist

Enable black-list bot detection.

ratelimit

Enable rate-limit bot detection.

devicefingerprint

Enable device-fingerprint bot detection

devicefingerprintaction

Action to be taken for device-fingerprint based bot detection.

ipreputation

Enable IP-reputation bot detection.

trap

Enable trap bot detection.

signaturenouseragentheaderaction

Actions to be taken if no User-Agent header in the request (Applicable if Signature check is enabled).

spoofedreqaction

Actions to be taken on a spoofed request (A request spoofing good bot user agent string).

signaturemultipleuseragentheaderaction

Actions to be taken if multiple User-Agent headers are seen in a request (Applicable if Signature check is enabled). Log action should be combined with other actions

trapaction

Action to be taken for bot trap based bot detection.

tps

Enable TPS.

blacklist2

Blacklist binding. Maximum 32 bindings can be configured per profile for Blacklist detection.

whitelist2

Whitelist binding. Maximum 32 bindings can be configured per profile for Whitelist detection.

ratelimit2

Rate-limit binding. Maximum 30 bindings can be configured per profile for rate-limit detection. For SOURCE_IP type, only one binding can be configured, and for URL type, only one binding is allowed per URL, and for SESSION type, only one binding is allowed for a cookie name. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

ipreputation2

IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.

captcharesource

Captcha action binding. For each URL, only one binding is allowed. To update the values of an existing URL binding, user has to first unbind that binding, and then needs to bind the URL again with new values. Maximum 30 bindings can be configured per profile.

tps2

TPS binding. For each type, only one binding can be configured. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with new values.

type

Type of the black-list entry.

type2

Type of the white-list entry.

enabled

Enabled or disabled black-list binding.

enabled2

Enabled or disabled white-list binding.

value

Value of the bot black-list entry.

value2

Value of bot white-list entry.

actioN

One or more actions to be taken if bot is detected based on this Blacklist binding. Only LOG action can be combined with DROP or RESET action.

type3

Type of TPS binding.

threshold

Maximum number of requests that are allowed from (or to) an IP, Geolocation, URL or Host in a 1 second time interval.

percentage

Maximum percentage increase in the requests from (or to) an IP, Geolocation, URL or Host in a 30 minute interval.

actioN2

One or more actions to be taken if bot is detected based on this TPS binding. Only LOG action can be combined with DROP, RESET, REDIRECT, or MITIGATION action.

enabled3

Enabled or disabled TPS binding.

category

IP Reputation category. Following IP Reputation categories are allowed:
*IP_BASED - This category checks whether client IP is malicious or not.
*BOTNET - This category includes Botnet C&C channels, and infected zombie machines controlled by Bot master.
*SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities.
*SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack.
*DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection.
*REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points.
*PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud.
*PROXY - This category includes IP addresses providing proxy services.
*NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet.
*MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices.
*WINDOWS_EXPLOITS - This category includes active IP address offering or distributing malware, shell code, rootkits, worms or viruses.
*WEB_ATTACKS - This category includes cross site scripting, iFrame injection, SQL injection, cross domain injection or domain password brute force attack.
*TOR_PROXY - This category includes IP address acting as exit nodes for the Tor Network.
*CLOUD - This category checks client IP with list of public cloud IPs.
*CLOUD_AWS - This category checks client IP with list of public cloud IPs from Amazon Web Services.
*CLOUD_GCP - This category checks client IP with list of public cloud IPs from Google Cloud Platform.
*CLOUD_AZURE - This category checks client IP with list of public cloud IPs from Azure.
*CLOUD_ORACLE - This category checks client IP with list of public cloud IPs from Oracle.
*CLOUD_IBM - This category checks client IP with list of public cloud IPs from IBM.
*CLOUD_SALESFORCE - This category checks client IP with list of public cloud IPs from Salesforce.

actioN3

One or more actions to be taken if bot is detected based on this IP Reputation binding. Only LOG action can be combined with DROP, RESET, REDIRECT or MITIGATION action.

enabled4

Enabled or disabled IP-reputation binding.

type4

Rate-limiting type. Following rate-limiting types are allowed:
*SOURCE_IP - Rate-limiting based on the client IP.
*SESSION - Rate-limiting based on the configured cookie name.
*URL - Rate-limiting based on the configured URL.
*GEOLOCATION - Rate-limiting based on the configured country name.
*JA3_FINGERPRINT - Rate-limiting based on client SSL JA3 fingerprint.

url

URL for the resource based rate-limiting.

cookiename

Cookie name which is used to identify the session for session rate-limiting.

rate

Maximum number of requests that are allowed in this session in the given period of time.

limittype

Rate-Limiting traffic Type

condition

Expression to be used in a rate-limiting condition. This expression result must be a boolean value.

timeslice

Time interval during which requests are tracked to check if they cross the given rate.

actioN4

One or more actions to be taken when the current rate becomes more than the configured rate. Only LOG action can be combined with DROP, REDIRECT, RESPOND_STATUS_TOO_MANY_REQUESTS or RESET action.

enabled5

Enable or disable rate-limit binding.

url2

URL for which the Captcha action, if configured under IP reputation, TPS or device fingerprint, needs to be applied.

waittime

Wait time in seconds for which ADC needs to wait for the Captcha response. This is to avoid DOS attacks.

graceperiod

Duration (in seconds) for which no new captcha challenge is sent after the current captcha challenge has been answered successfully.

muteperiod

Duration (in seconds) for which a client that failed the captcha needs to wait until allowed to try again. The requests from this client are silently dropped during the mute period.

requestsizelimit

Length of body request (in Bytes) up to (equal or less than) which captcha challenge will be provided to client. Above this length threshold the request will be dropped. This is to avoid DOS and DDOS attacks.

retryattempts

Number of times client can retry solving the captcha.

actioN5

One or more actions to be taken when client fails captcha challenge. Only the LOG action can be configured with DROP, REDIRECT or RESET action.

enabled6

Enable or disable the captcha binding.

log

Enable logging for Whitelist binding.

logmessage

Message to be logged for this binding.

comment2

Any comments about this binding.

trapinsertionurl

Bind the trap URL for the configured request URLs. Maximum 30 bindings can be configured per profile.

url3

Request URL regex pattern for which Trap URL is inserted.

enabled7

Enable or disable the request URL pattern.

devicefingerprintmobile

Enabling bot device fingerprint protection for mobile clients

headlessbrowserdetection

Enable Headless Browser detection.

logexpression

Log expression binding.

name2

Name of the log expression object.

expression

Expression whose result is to be logged when a violation happens on the bot profile.

enabled8

Enable or disable the log expression binding.

clientipexpression

Expression to get the client IP.

kmjavascriptname

Name of the JavaScript file that the Bot Management feature will insert in the response for keyboard-mouse based detection. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my javascript file name" or 'my javascript file name').

kmdetection

Enable keyboard-mouse based bot detection.

kmdetectionexpr

Keyboard-mouse based detection binding. For each name, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, then needs to bind again with new values. Maximum 30 bindings can be configured per profile.

enabled9

Enable or disable the keyboard-mouse based binding.

name3

Name of the keyboard-mouse expression object.

expression2

JavaScript file for keyboard-mouse detection, would be inserted if the result of the expression is true.

kmeventspostbodylimit

Size of the KM data, sent by the browser, that needs to be processed on the ADC.

verboseloglevel

Bot verbose Logging. Based on the log level, ADC will log additional information whenever client is detected as a bot.

countrycode

Country name which is used for geolocation rate-limiting.

dfprequestlimit

Number of requests to allow without bot session cookie if device fingerprint is enabled

sessioncookiename

Name of the SessionCookie that the Bot Management feature uses for tracking. Must begin with a letter or number, and can consist of from 1 to 31 letters, numbers, and the hyphen (-) and underscore (_) symbols. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my cookie name" or 'my cookie name').

sessiontimeout

Timeout, in seconds, after which a user session is terminated.

addcookieflags

Add the specified flags to bot session cookies. Available settings function as follows:
* None - Do not add flags to cookies.
* HTTP Only - Add the HTTP Only flag to cookies, which prevents scripts from accessing cookies.
* Secure - Add Secure flag to cookies.
* All - Add both HTTPOnly and Secure flags to cookies.

_nextgenapiresource
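
A client-side audit of the rate-limit rules stated under ratelimit2, type4 and actioN4, together with the rc convention of getbotprofileResult, as an added example that is not part of the Citrix documentation or SDK. It assumes each rate-limit binding has been copied into a Python dict keyed by the member names on this page and that actioN4 arrives as a list of strings; the sample bindings are constructed.

```python
from collections import Counter

WARNING_FLOOR = 0x8000        # page: rc values above 0x8000 indicate warnings
MAX_RATELIMIT_BINDINGS = 30   # page: maximum rate-limit bindings per profile
# page: only LOG may be combined with one of these rate-limit actions
COMBINABLE_WITH_LOG = {"DROP", "REDIRECT", "RESPOND_STATUS_TOO_MANY_REQUESTS", "RESET"}
# Member that must be unique per rate-limit type (None: one binding in total).
UNIQUE_KEY = {"SOURCE_IP": None, "URL": "url", "SESSION": "cookiename"}

def classify_rc(rc):
    """Map getbotprofileResult.rc to 'ok', 'warning' or 'error'."""
    if rc == 0:
        return "ok"
    return "warning" if rc > WARNING_FLOOR else "error"

def audit_ratelimit(bindings):
    """Return findings for one profile's rate-limit bindings (assumed list of dicts)."""
    findings = []
    if len(bindings) > MAX_RATELIMIT_BINDINGS:
        findings.append(f"{len(bindings)} bindings exceed the limit of {MAX_RATELIMIT_BINDINGS}")
    seen = Counter()
    for b in bindings:
        kind = b["type4"]
        if kind in UNIQUE_KEY:
            key = UNIQUE_KEY[kind]
            seen[(kind, b.get(key) if key else None)] += 1
        actions = set(b.get("actioN4", []))
        # More than one action is valid only as LOG plus exactly one listed action.
        valid_pair = ("LOG" in actions and len(actions) == 2
                      and actions - {"LOG"} <= COMBINABLE_WITH_LOG)
        if len(actions) > 1 and not valid_pair:
            findings.append(f"{kind}: invalid action combination {sorted(actions)}")
    for (kind, value), count in seen.items():
        if count > 1:
            findings.append(f"{kind}: {count} bindings for {value or 'the profile'}, only one allowed")
    return findings

SAMPLE = [  # constructed bindings, not real configuration
    {"type4": "SOURCE_IP", "rate": 100, "actioN4": ["LOG", "DROP"]},
    {"type4": "SOURCE_IP", "rate": 50, "actioN4": ["RESET"]},
    {"type4": "URL", "url": "/login", "rate": 10, "actioN4": ["DROP", "RESET"]},
    {"type4": "URL", "url": "/search", "rate": 20, "actioN4": ["LOG"]},
    {"type4": "SESSION", "cookiename": "sid", "rate": 30, "actioN4": ["LOG", "REDIRECT"]},
]

if __name__ == "__main__":
    for finding in audit_ratelimit(SAMPLE):
        print(finding)
```
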

