Forum Discussion

WaterSoup's avatar
Icon for Nimbostratus rankNimbostratus
Feb 18, 2022

Application attack from different source IPs

Hello everyone, Can anyone help me in a scenario where we currently have an externally exposed API we are constantly receiving requests from thousands of different ip's, in a scenario that the norma...
  • Daniel_Wolf's avatar
    Feb 18, 2022

    Hello WaterSoup

    there are a couple of possible mitigations:

    • IP Intelligence Subscription - will protect you from known bad actor IP addresses.
    • Bot Defense - offers multiple ways of discovering and mitigating bots.
    • Behavioral DoS (L7 DoS) Protection - offers a ML approach to mitigatie Layer 7 DDoS attacks.
    • API Protection with APM - helps you to easily configure rate-limiting and add authentication to your API.

    Before you apply any of these, please update to BIG-IP 14.1 (appliance) or 15.1 (VE). See K54845583: F5 Support recommendations for selecting your next version of BIG-IP or BIG-IQ, there it says:
    "At a minimum, F5 recommends that you upgrade your BIG-IP appliances to at least BIG-IP 14.1 and your BIG-IP VEs to at least BIG-IP 15.1."

    Also upgrading to 14.1 will allow you to use AWAF. Some of the above mentioned features might not be available in 13.1. Please read this devcentral article regarding the upgrade: From ASM to Advanced WAF: Advancing your Application Security 

    If all the above won't help you to mitigate the attacks - contact F5 and ask for Shape.
    Or take a look at the latest and greatest from F5:  Web App and API Protection (WAAP)