F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

StuKirby's avatar
StuKirby
Icon for Nimbostratus rankNimbostratus
May 07, 2019

ASM Violation Block IP

I want to know of there's a way to block or shun an IP based off how many ASM Violations a Source triggers. I know DoS profiles can look for an increase in volume of traffic but I would like an optio...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
May 07, 2019

StuKirby,

This is hypothetical but not tested as my own lab is unavailable for maintenance. In 

Security  ››  Application Security : Sessions and Logins : Session Tracking
you can enable Session Awareness, perhaps select None for Application Username and then if you see under Block All section you can enable an IP Address threshold (and above that amend the Violation Detection Period). Alternatively Delay Blocking allows a number of violations and then blocks. You would need to enable the following violation to 
Block Access from disallowed User/Session/IP

Does this help achieve what you need to achieve?

N