Forum Discussion

saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Dec 07, 2016

Can I use the F5 for Rate Limiting?

I had been looking at the Session Tracking in ASM previously hoping that it would be able to perform rate limiting. Unfortunately it seems that in order for any lockout to occur via Session Tracking ...
ASM Advanced WAF
lock out
LTM
rate
rate limiting
security
session
slow down
  • saidshow_251381's avatar
    saidshow_251381
    Dec 08, 2016

    I tested session tracking, iRules and DoS profiles. For what I want to do the DoS profiles suit best. The limitation I had with session tracking is that this requires a threshold of policy violations to be triggered - replaying valid traffic would never trigger a violation. When I tried rate limiting with iRules, I was blocking all traffic to the app once a single offender passes the threshold. DoS profiles have plenty of options and configurability. When a user passes the threshold, that user is locked out and no-one else is. There are great options for a range of different things in there too.

     

saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Dec 08, 2016

I tested session tracking, iRules and DoS profiles. For what I want to do the DoS profiles suit best. The limitation I had with session tracking is that this requires a threshold of policy violations to be triggered - replaying valid traffic would never trigger a violation. When I tried rate limiting with iRules, I was blocking all traffic to the app once a single offender passes the threshold. DoS profiles have plenty of options and configurability. When a user passes the threshold, that user is locked out and no-one else is. There are great options for a range of different things in there too.