The user identification rules include headers, TLS fingerprints , ip addresses etc. but not the XC WAF generated TS session cookie and this session cookie is available on F5 AWAF/ASM for session tracking. If the WAF is licensed on XC this will be a nice option.

Outside of that if the XC Bot protection is licences a nice integration will be to use the Device ID + that is generated by Shape security as a user identification as on F5 AWAF/ASM the Bot protection Device ID can be used for the session tracking. If the Bot Protection is licensed on XC this will be a nice option.

https://my.f5.com/manage/s/article/K02212345

f5-xc-user-id.PNG

×

Attachments Open full size