ASM Geolocation TPS-based DoS Detection

Question

I have enabled&nbsp;Geolocation TPS-based DoS Detection, but some legal users (Around 10 users) from one country encountered Captcha page. The web site is still not opening to public, so only internal users can access. I wonder why F5 ASM will treat this as attack.The default criteria:Geolocation traffic share increased by 500% andGeolocation traffic share is at least 10%&nbsp;

mohamed_salah_ · Answer

Hello,you can start checking the logs what was the root cause of the block request and (captcha challenege)?because there are geolocaiton enforcmenet in two different locations, one for the DoS profile as you mentioned, and there is another one inside the ASM policy itself.Regarding the private IPs, you can select (N/A) in the enable list or "allow access" inside the ASM policy as per the below link:https://support.f5.com/csp/article/K00326730If the captcha was generated because of the DoS profile, you can check what country was matching with these blocked IPs (which were legal internal users) and enabling this country in the DoS profile.Also, keep your IP geolocation database up to date by following the below article:https://support.f5.com/csp/article/K11176&nbsp;BR,Mohamed Salah

Forum Discussion

ASM Geolocation TPS-based DoS Detection

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Edge to Pulse: IP Geolocation Database Migration

BIG-IP Geolocation Updates – Part 1

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

BIG-IP Geolocation Updates – Part 7

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS