Forum Discussion

MaxMedov's avatar
MaxMedov
Icon for Cirrostratus rankCirrostratus
Dec 06, 2023

Custom dynamic signature

Hello, We have a problem with a few clients that, from time to time, spamming us with specific parameter in the body.  For example, regular traffic is 10 TPS of parameter ABC, and sometimes those r...
security
MaxMedov's avatar
MaxMedov
Icon for Cirrostratus rankCirrostratus
Dec 06, 2023

Hi Jeffrey_Granier, I Think iRule is not the best option because it will require decrypting all requests and searching in the body for this parameter; it could load the device.
Also, the iRule will work for all the clients and block false requests from valid users (who are not spamming)
I thought it was possible to do it by BADoS.
Or I wrong?

  • Jeffrey_Granier's avatar
    Jeffrey_Granier
    Icon for Employee rankEmployee
    Dec 06, 2023

    HI Max,

    Yes using BADoS should be your first line of defense, the abnormal traffic pattern that deviates from the baseline should generate the dynamic signature. Do you have any that show up , could you post a snippet?  Irules would be last option if this cannot be configured using the detected dynamic signatures.