Forum Discussion
NimbostratusASM: How to block a user holding down F5 Key
A user holding down the F5 key causes constant refreshes and creates too much traffic in our backend. We have the ASM Module and have tried different DOS profile settings, specifically TPS-based and Stress-based detection. We set it to use CAPTCHA, but after holding down the F5 key, CAPTCHA does not come up and the site hangs.
Another factor, we do not want to block by IP, only by device. We have multiple customers behind the same external IP and do not want to lock them out.
Any suggestions?
4 Replies
Jason0_309417Cirrus
What TPS limits have you tried? You can always put an iRule in place while you workout the ASM policy. Something to display an error message or do an HTTP::close.
when HTTP_REQUEST { if {[info exists refresh_count] } { if { [HTTP::header value "If-Modified-Since"] ne "" } { incr refresh_count } if { $refresh_count > 10 } { HTTP::respond 200 content "Nope" } } else { set refresh_count 0 } }
Company_B_88989Thanks, I am going to try the iRule.
The holding down F5 key doesn't even trigger a DOS most of the time yet we see hundreds of db connections. We are trying this in a test environment, so the increases TPS by 500% and 5 TPS does not trigger the DOS.
I can only trigger the DOS by putting the TPS at 1 and tapping F5, which gives me the CAPTCHA page (when set).
- Jason0_309417
You may also want to look the the "Connection Rate Limit" and "Connection Limit" fields on the virtual server configuration page.
Nicholas_P__308I would physically remove said user from the keyboard.
