Evergrim
Nov 27, 2023Altocumulus
ASM DoS Profile blacklist duration
Hi,
We had to create a DoS profile for a virtual server at the weekend due to a DoS attack.
I have activated three vectors in the profile
- Behavioral Anomalous Bad Actors
- Stress-based High-Volume Client IP
- TPS-based High-Volume Client IP
Request Blocking is set to "Block all".
Today the question came up as to how long the blocked IPs remain blocked. It's been a while since my ASM training, but I knew that there was a setting. So I found this article, but there are no "General Settings" when I create a new profile.
Now to my questions:
1. does the statement that the IP of a bad actor remains blocked for 4h by default fit?
2. where can this setting be found (we use OS version 16.1.3.4)
best regards and many thanks
B