Hits from one IP address taking our site down

Thank you all for your ideas and suggestions. Yes, we block using ASM GeoLocation Enforcement. The logs do not indicate that the user was able to access our site. I suppose it might have simply been an overload to our server at the same time that the one IP Address was hitting several times each second. We have actually had that same type of hit in the past, but it never took the site down. Unless it happens again, I will chalk this up to coincidence of attack and server overload. I appreciate this forum very much. Thank you!

if it is the Geolocation Enforcement, this is a good artical about it: Geolocation Enforcement

I assume Diana is using the built in GUI feature within ASM ("Geolocation Enforcement")

How do you block all other contries? Do you use the IP Address Intelligence or an irule?

Hi Diana, If the ASM is configured to block all source IPs coming outside the US and you managed to see a request with a source IP from Germany then it sounds like a miss-configuration to me. I suggest you open a support case so we can look at your configuration. Kind Regards, Ido

So, if requests from outside the US will be blocked, it is really strange and see only 3 reasons.

1. attacks from US server at the same time
2. overload of the bigip so that every traffic was blocked
3. an unfortunate accident of an attack and a problem with the tomcat at the same time

regards

how can your tomcat crash by requests with an IP outside the US, if you block all traffic from ouside the US? It should be blocked by the ASM.

Comment: Are you sure, that all your business partner use server in the US?

greetings from germany ;-)

how can your tomcat crash by requests with an IP outside the US, if you block all traffic from ouside the US? It should be blocked by the ASM.

Comment: Are you sure, that all your business partner use server in the US?

greetings from germany ;-)