May 07, 2019

ASM Violation Block IP

I want to know if there's a way to block or shun an IP based off how many ASM Violations a Source triggers. I know DoS profiles can look for an increase in volume of traffic but I would like an option or a rule somewhere to say if an IP causes "X" number of ASM Alarmed Violations in a time period then perform Block or Shun.


    This is hypothetical but not tested as my own lab is unavailable for maintenance. In

    Security  ››  Application Security : Sessions and Logins : Session Tracking
    you can enable Session Awareness, perhaps select None for Application Username, and then if you look under the Block All section you can enable an IP Address threshold (and above that amend the Violation Detection Period). Alternatively, Delay Blocking allows a number of violations and then blocks. You would need to enable the following violation to
    Block Access from disallowed User/Session/IP

    Does this help achieve what you need to achieve?
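
One way to pick values for the IP Address threshold and Violation Detection Period before turning blocking on, as an added example that is not part of the original answer: replay exported request-log lines and list the source IPs that would have tripped the setting. The key="value" line layout, the field names and the sample lines are constructed assumptions; adapt the parser to your own log export.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the key="value" layout and field names are assumptions.
SAMPLE_LOG = """\
date_time="2019-05-07 10:00:00" ip_client="198.51.100.7" violations="Illegal meta character in value"
date_time="2019-05-07 10:00:05" ip_client="198.51.100.7" violations="Attack signature detected,Illegal parameter"
date_time="2019-05-07 10:00:40" ip_client="198.51.100.7" violations="Illegal URL"
date_time="2019-05-07 10:00:50" ip_client="192.0.2.50" violations=""
date_time="2019-05-07 10:01:00" ip_client="203.0.113.9" violations="Illegal URL"
date_time="2019-05-07 10:21:00" ip_client="203.0.113.9" violations="Illegal URL"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return (timestamp, source_ip, violation_count), or None for clean or malformed lines."""
    fields = dict(FIELD_RE.findall(line))
    try:
        ts = datetime.strptime(fields["date_time"], "%Y-%m-%d %H:%M:%S")
        ip = fields["ip_client"]
    except (KeyError, ValueError):
        return None
    count = sum(1 for v in fields.get("violations", "").split(",") if v.strip())
    return (ts, ip, count) if count else None


def ips_over_threshold(lines, threshold, period_seconds):
    """Return {ip: time it first reached `threshold` violations within the period}.

    Assumption: an IP trips when its count reaches the threshold; check how
    your version compares the count before relying on the exact boundary.
    """
    window = timedelta(seconds=period_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of violations still in the window
    tripped = {}
    for ts, ip, count in sorted(e for e in map(parse_line, lines) if e):
        q = recent[ip]
        q.extend([ts] * count)
        while ts - q[0] > window:  # drop violations older than the detection period
            q.popleft()
        if len(q) >= threshold and ip not in tripped:
            tripped[ip] = ts
    return tripped


if __name__ == "__main__":
    for ip, when in ips_over_threshold(SAMPLE_LOG.splitlines(), 3, 900).items():
        print(f"{ip} would be blocked from {when}")
```

Running it against a few days of alarmed-only traffic with different threshold and period values shows which legitimate sources would be caught before any blocking is enforced.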