Forum Discussion

Jonathan_George
Historic F5 Account
Dec 15, 2010

DDoS attack protection in ASM

With all the news of DoS and DDoS attacks from botnets on web sites, you may be concerned that your site is next. However, it's easy to configure BIG-IP Application Security Manager (ASM) to protect against Layer 7 DoS and DDoS threats. When using ASM, you can block application DoS attacks and increase end-user application performance with accurate triggers and automatic controls. This is based on a detection element and three different prevention methods, which are applied one after another for in-depth prevention.

In ASM, detection is either TPS based or Latency based:

 

With TPS, you prevent DoS with client-side integrity defense that is either Source IP-based or URL-based. Rate Limiting is also an option for prevention. When URL-based Rate Limiting is configured, you set the URL detection either by a percentage of TPS or by the TPS reached per second. Prevention Duration then comes with Unlimited or Maximum per second options. Those IP addresses that are approved can be added to a Whitelist.

With Latency, the Suspicious Criteria is latency increased by percentage or reached by milliseconds, with a minimum latency threshold set. As with TPS, either Source IP-based or URL-based client-side integrity defense or Rate Limiting is optional for Prevention. If URL-based, set the TPS percentage or actual TPS reached as triggers. Prevention Duration is either Unlimited or Maximum seconds. Again, add any IP address to the approved Whitelist.

ASM also reports regular and repeated attacks from IPs and mitigates those attacks per policy. For instance, when using IP Penalty Enforcer, a policy allows only a designated number of blocked violations per minute; once that threshold is reached, the IP session is blocked. This gives tighter security coverage for IP violators.

Once configured, BIG-IP ASM's approach to Layer 7 DoS and DDoS attacks is automatic attack mitigation, so you don't have to respond manually when an attack occurs. For more information, review:

Layer 7 DoS whitepaper at: http://www.f5.com/pdf/white-papers/...ion-wp.pdf

ASM configuration guide at: http://support.f5.com/kb/en-us/prod...force.html

In 5 Minutes Video - BIG-IP ASM L7 DoS & Brute Force Protection: http://www.youtube.com/watch?v=H2PQBlhxL9I
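
The TPS-based and latency-based triggers described in the post above, sketched as an added Python example; it is not part of the original post and not F5's implementation. The thresholds, the two-window baseline comparison, the sample events and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed thresholds; names follow the post's wording, not ASM setting names.
TPS_INCREASE_PCT, TPS_REACHED = 500, 50
LAT_INCREASE_PCT, LAT_REACHED_MS, MIN_LAT_MS = 500, 10000, 200
WHITELIST = {"192.0.2.10"}  # approved IPs are excluded from detection

def tps_trigger(baseline, current):
    """TPS increased by a percentage over baseline, or an absolute TPS reached."""
    grew = baseline > 0 and current >= baseline * (1 + TPS_INCREASE_PCT / 100)
    return grew or current >= TPS_REACHED

def latency_trigger(baseline_ms, current_ms):
    """Latency increased by a percentage or reached, above the minimum threshold."""
    if current_ms < MIN_LAT_MS:
        return False
    grew = baseline_ms > 0 and current_ms >= baseline_ms * (1 + LAT_INCREASE_PCT / 100)
    return grew or current_ms >= LAT_REACHED_MS

def rates(events, start, end, field):
    """Per-key TPS in [start, end); field 1 is the source IP, field 2 the URL."""
    counts = Counter(e[field] for e in events if start <= e[0] < end)
    return {k: n / (end - start) for k, n in counts.items()}

def mean_latency(events, start, end):
    vals = [e[3] for e in events if start <= e[0] < end]
    return sum(vals) / len(vals) if vals else 0.0

def detect(events, split, end, mode="tps", field=1):
    """Flag keys in the current window [split, end) against baseline [0, split)."""
    events = [e for e in events if e[1] not in WHITELIST]
    if mode == "latency" and not latency_trigger(
            mean_latency(events, 0, split), mean_latency(events, split, end)):
        return set()  # latency did not degrade, so nothing is flagged
    base, cur = rates(events, 0, split, field), rates(events, split, end, field)
    return {k for k, r in cur.items() if tps_trigger(base.get(k, 0), r)}

# Constructed sample events: (second, source IP, URL, latency in ms).
EVENTS = [(t, "198.51.100.7", "/search", 40) for t in range(70)]
EVENTS += [(t, "192.0.2.10", "/health", 30) for t in range(70) for _ in range(60)]
EVENTS += [(60 + i // 100, "203.0.113.9", "/login", 900) for i in range(1000)]

if __name__ == "__main__":
    print("TPS, source IP-based:", detect(EVENTS, 60, 70))
    print("TPS, URL-based:", detect(EVENTS, 60, 70, field=2))
    print("Latency, source IP-based:", detect(EVENTS, 60, 70, mode="latency"))
```

The whitelisted monitor at 60 TPS exceeds the absolute threshold yet is never flagged, while the steady 1 TPS user passes both criteria.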