Forum Discussion

Nimbostratus

Nov 17, 2012

ASM DDOS Protection

How will ASM block attackers only , while not blocing normal users ? or under DDOS limits to drop traffic will be applied to all ( attackers and valid users ) ? https://devcentral.f5.com/community...

app sec

BIG-IP Access Policy Manager (APM)

security

rob_carr

Cirrocumulus

Dec 19, 2012

How the ASM responds to a DoS attack depends on the Prevention Policy configuration:

- If you select 'Source IP-Based Rate Limiting', then only offending IP addresses are affected

- If you select 'Source IP-Based Client-Side Integrity Defense' then offending IP addresses will have their connections evaluated

Choosing either of the two methods above will allow you to configure the IP Detection Criteria values.

- If you select 'URL-Based Rate Limiting' then all connections made to a particular URL will be affected, including both normal and exploit related traffic.

- If you select 'URL-Based Client-Side Integrity Defense', then all connections to a particular URL will be evaluated, presumably affecting only those sessions coming from bots/scripts.

Choosing either of the two methods above will allow you to configure the URL Detection Criteria values.

'URL-Based Client-Side Integrity Defense' is your best choice if you are looking for Distributed DoS protection.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)