Forum Discussion

Nacreous

Aug 20, 2015

Anomaly detection ASM

We want to use anomaly detection feature of ASM protecting from Bot attack. we would like to configure based on client side integrity based and rate limiting on session. We would use web scraping and...

nathe

Cirrocumulus

Aug 20, 2015

If the ASM sees the same IP address then it will trigger the anomaly detection based on the IP metrics e.g. in DOS the Suspicious IP setting. It will then trigger the protections based on what you select e.g. Source IP Rate Limiting or Source IP Client Side Integrity. Rate Limiting is not an option as it'll affect all clients. Client Side Integrity checking will inject Javascript in the responses so, in that case, whilst all clients will be affected, only clients that cannot process javascript (e.g. a BOT) will fail and, hence, be blocked.

Does Akamai not pass the client's source IP address? I thought it used the True-Client-IP header? If so then you can configure ASM to trust either this header, or perhaps it might use the X-Forwarded-For header. If the former then configure the Custom XFF Header in the ASM policy.

This way ASM will see the true client IP and enable protections based on this.

Hope this helps,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)