Forum Discussion
ASM to drop request not block
I believe it isn't possible, but just checking to be really sure :)
Is it possible with just the normal ASM functionality to drop a request? So not the block page or redirect or ...
I know it can be done with an iRule, but wondering if it can be done somewhere within the security policy.
3 Replies
- Erik_Novak
Employee
You are correct--there is no way to drop a request from within the security policy as you describe. The only functionality that can offer something like you describe is the rate limiting feature in the L7 DoS profile. If you select rate limiting, and the thresholds for requests or latency are reached, then ASM will reset (not drop) the connection.
- Pascal_Tene_910
Historic F5 Account
Since ASM works at layer 7, it probably makes more sense to configure a predictable behavior when a violation occurs, rather than just dropping the connection, which might lead to a hanging behavior from the client. https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/25.html?sr=46193579 shows how to configure a redirect or custom blocking page.
However, if dropping is really what is wanted, then an iRule is a good option.
Yeah, I know, I'm in favor of block pages, but not everyone is. They like the idea of silent drops so as not to inform the other party too much.
Thanks for the answers, I know what to do.