Forum Discussion
StuKirby
Nimbostratus
May 07, 2019ASM Violation Block IP
I want to know of there's a way to block or shun an IP based off how many ASM Violations a Source triggers. I know DoS profiles can look for an increase in volume of traffic but I would like an option or a rule somewhere to say if an IP causes "X" number of ASM Alarmed Violations in a time period then perform Block or Shun.
1 Reply
Sort By
- nathe
Cirrocumulus
StuKirby,
This is hypothetical but not tested as my own lab is unavailable for maintenance. In
you can enable Session Awareness, perhaps select None for Application Username and then if you see under Block All section you can enable an IP Address threshold (and above that amend the Violation Detection Period). Alternatively Delay Blocking allows a number of violations and then blocks. You would need to enable the following violation toSecurity ›› Application Security : Sessions and Logins : Session Tracking
Block Access from disallowed User/Session/IP
Does this help achieve what you need to achieve?
N
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects