Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

SSHSSH_97332's avatar
SSHSSH_97332
Icon for Nimbostratus rankNimbostratus
Nov 17, 2012

ASM DDOS Protection

How will ASM block attackers only , while not blocing normal users ? or under DDOS limits to drop traffic will be applied to all ( attackers and valid users ) ? https://devcentral.f5.com/community...
app sec
BIG-IP Access Policy Manager (APM)
security
rob_carr's avatar
rob_carr
Icon for Cirrocumulus rankCirrocumulus
Dec 19, 2012

How the ASM responds to a DoS attack depends on the Prevention Policy configuration:

 

- If you select 'Source IP-Based Rate Limiting', then only offending IP addresses are affected

 

- If you select 'Source IP-Based Client-Side Integrity Defense' then offending IP addresses will have their connections evaluated

 

Choosing either of the two methods above will allow you to configure the IP Detection Criteria values.

 

- If you select 'URL-Based Rate Limiting' then all connections made to a particular URL will be affected, including both normal and exploit related traffic.

 

- If you select 'URL-Based Client-Side Integrity Defense', then all connections to a particular URL will be evaluated, presumably affecting only those sessions coming from bots/scripts.

 

Choosing either of the two methods above will allow you to configure the URL Detection Criteria values.

 

'URL-Based Client-Side Integrity Defense' is your best choice if you are looking for Distributed DoS protection.