For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KF2's avatar
KF2
Icon for Nimbostratus rankNimbostratus
Jun 07, 2022

ASM Geolocation TPS-based DoS Detection

I have enabled Geolocation TPS-based DoS Detection, but some legal users (Around 10 users) from one country encountered Captcha page. The web site is still not opening to public, so only internal use...
security
Mohamed_Salah_'s avatar
Mohamed_Salah_
Icon for MVP rankMVP
Oct 22, 2022

Hello,

you can start checking the logs what was the root cause of the block request and (captcha challenege)?

because there are geolocaiton enforcmenet in two different locations, one for the DoS profile as you mentioned, and there is another one inside the ASM policy itself.

Regarding the private IPs, you can select (N/A) in the enable list or "allow access" inside the ASM policy as per the below link:

https://support.f5.com/csp/article/K00326730

If the captcha was generated because of the DoS profile, you can check what country was matching with these blocked IPs (which were legal internal users) and enabling this country in the DoS profile.

Also, keep your IP geolocation database up to date by following the below article:

https://support.f5.com/csp/article/K11176

 

BR,

Mohamed Salah