DoS Profile (ASM) - Rate limiting implementation

Question

ASM has a DoS profile with TPS-based detection, by Device IP. Offenders can be rate limited. &nbsp;
How does this rate limiting apply? Is it layer 4 or layer 7? 
If TCP, does it drop TCP packets (no ACK) or does it drop the TCP connection?&nbsp;
This is not described in the documentation and different implementations would have very different impact for legitimate users who are flagged as offenders (false positives).&nbsp;

samstep · Answer

It depends on how you configure it. If you are worried about false positives ASM can issue a CAPTCHA challenge to suspicious IP addresses instead of blocking, it can also shows the blocking page or just block the IP address.&nbsp;
Documentation can be found here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/2.html&nbsp;

Forum Discussion

DoS Profile (ASM) - Rate limiting implementation

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Implement WAF service

F5 Terraform providers – Helping to implement Infrastructure as Code

Rewrite profile limit on URI rules

limit to number of clientssl profiles

MS Exchange ProxyNotShell block implemented via iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS