Forum Discussion

Nimbostratus

Feb 18, 2022

Application attack from different source IPs

Hello everyone, Can anyone help me in a scenario where we currently have an externally exposed API we are constantly receiving requests from thousands of different ip's, in a scenario that the norma...

Application attack different source ips

security

Daniel_Wolf
Feb 18, 2022
Hello WaterSoup,

there are a couple of possible mitigations:

IP Intelligence Subscription - will protect you from known bad actor IP addresses.

Bot Defense - offers multiple ways of discovering and mitigating bots.

Behavioral DoS (L7 DoS) Protection - offers a ML approach to mitigatie Layer 7 DDoS attacks.

API Protection with APM - helps you to easily configure rate-limiting and add authentication to your API.

Before you apply any of these, please update to BIG-IP 14.1 (appliance) or 15.1 (VE). See K54845583: F5 Support recommendations for selecting your next version of BIG-IP or BIG-IQ, there it says:
"At a minimum, F5 recommends that you upgrade your BIG-IP appliances to at least BIG-IP 14.1 and your BIG-IP VEs to at least BIG-IP 15.1."

Also upgrading to 14.1 will allow you to use AWAF. Some of the above mentioned features might not be available in 13.1. Please read this devcentral article regarding the upgrade: From ASM to Advanced WAF: Advancing your Application Security

If all the above won't help you to mitigate the attacks - contact F5 and ask for Shape.
Or take a look at the latest and greatest from F5: Web App and API Protection (WAAP)

KR
Daniel

Daniel_Wolf

MVP

Feb 18, 2022

Hello WaterSoup,

there are a couple of possible mitigations:

IP Intelligence Subscription - will protect you from known bad actor IP addresses.
Bot Defense - offers multiple ways of discovering and mitigating bots.
Behavioral DoS (L7 DoS) Protection - offers a ML approach to mitigatie Layer 7 DDoS attacks.
API Protection with APM - helps you to easily configure rate-limiting and add authentication to your API.

Before you apply any of these, please update to BIG-IP 14.1 (appliance) or 15.1 (VE). See K54845583: F5 Support recommendations for selecting your next version of BIG-IP or BIG-IQ, there it says:
"At a minimum, F5 recommends that you upgrade your BIG-IP appliances to at least BIG-IP 14.1 and your BIG-IP VEs to at least BIG-IP 15.1."

Also upgrading to 14.1 will allow you to use AWAF. Some of the above mentioned features might not be available in 13.1. Please read this devcentral article regarding the upgrade: From ASM to Advanced WAF: Advancing your Application Security

If all the above won't help you to mitigate the attacks - contact F5 and ask for Shape.
Or take a look at the latest and greatest from F5: Web App and API Protection (WAAP)

KR
Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Application attack from different source IPs

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

DDoS Attack Trends for 2021

ASM Attack Signature Sets

Are ASM Attack Signature Updates Cummulative?

attack Signature detected but i can not find keyword inside request

SSL passthrough VIP - mitigating birthday attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS