This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Imperva seeing Dynatrace synthetics as a bad bot

Go to solution
bogoja_jovanosk
Participant

‎03 Mar 2023 10:08 PM - last edited on ‎06 Mar 2023 08:46 AM by Community Team

Our firm is utilizing a security tool called Imperva to protect the website against bad bots and DDoS attacks, but it is scanning our synthetics as bad bots. Has anyone come across this issue and if so what are some solutions that can be proposed?

The security team and Imperva are reluctant to white list the IP ranges of the synthetic ActiveGates.

Also, does anyone know if browser click paths have certain request attributes that Dynatrace adds when executing that we can add to the Imperva exception list?

 

0 Kudos
Reply
3 REPLIES 3

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru

‎05 Mar 2023 09:40 AM

@bogoja_jovanosk,

I have had this issue with another solution that is not Imperva. There are two main reasons why Imperva might be signalling this, in my opinion:

  1. Dynatrace synthetic monitors run from cloud IPs [AWS,Azure, ...]. It is normal for security solutions to signal this, as there are not normally real users accessing from those IPs. Given that these are Dynatrace servers, you can white-list them without any problem. The list of IPs is available in the list of synthetic agents, so you can define a precise list.
  2. The user-agent that Dynatrace uses is not a known user-agent for browsers. You have two ways around this: configure Imperva to signal that an user agent that starts with "DynatraceSynthetic/" is good, as explained in https://www.dynatrace.com/support/help/platform-modules/digital-experience/synthetic-monitoring/http... ; or configure your synthetics to use a known browser User-agent. This is for HTTP monitors, as I believe for browser monitors the Chrome signature is used...
Antonio Sousa
Reply

Go to solution
bogoja_jovanosk
Participant
In response to AntonioSousa

‎29 Jun 2023 07:30 PM

Hi Antonio,

Thanks for the reply. This issue is coming up again from Imperva. 

So to first reply to your points:

  1. Our security team is reluctant to white list IP addresses as there can be a way to go around Dynatrace servers (spoofing) to attack Prudential network.
  2. This is seen as a security risk/entry point of attack as well as someone can create a DDoS attack by spoofing the user agent to bypass the bot protection firewall.

Does Dynatrace work with security vendors like Imperva to make synthetics be seen as a good bot? I see that they have other vendors that can be selected to seen as a good bot like logicmonitor, pingdom, but Dynatrace is not one. I would think Dynatrace as one of the leading industry observability platforms would be part of the Imperva Bot Protection "good bot" category. 

 

Reply

Go to solution
HannahM
Dynatrace Leader
Dynatrace Leader

‎06 Mar 2023 11:51 AM

Most tools use the User Agent string to define if it's a bot or not. 

For Browser Monitors, we add RuxitSynthetic/1.0 to the User Agent string and for HTTP Monitors we add DynatraceSynthetic/{version}, so I would just add a rule for DynatraceSynthetic/ as the version will change every time you update your ActiveGates or we update the Public location versions 

Synthetic SME and community advocate.
Reply
Ask a question

Featured Posts