For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

spalande's avatar
spalande
Icon for Nacreous rankNacreous
Aug 20, 2015

Anomaly detection ASM

We want to use anomaly detection feature of ASM protecting from Bot attack. we would like to configure based on client side integrity based and rate limiting on session. We would use web scraping and...
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Aug 20, 2015

If the ASM sees the same IP address then it will trigger the anomaly detection based on the IP metrics e.g. in DOS the Suspicious IP setting. It will then trigger the protections based on what you select e.g. Source IP Rate Limiting or Source IP Client Side Integrity. Rate Limiting is not an option as it'll affect all clients. Client Side Integrity checking will inject Javascript in the responses so, in that case, whilst all clients will be affected, only clients that cannot process javascript (e.g. a BOT) will fail and, hence, be blocked.

 

Does Akamai not pass the client's source IP address? I thought it used the True-Client-IP header? If so then you can configure ASM to trust either this header, or perhaps it might use the X-Forwarded-For header. If the former then configure the Custom XFF Header in the ASM policy.

 

This way ASM will see the true client IP and enable protections based on this.

 

Hope this helps,

 

N