Forum Discussion

longyuan's avatar
longyuan
Icon for Altostratus rankAltostratus
Jun 20, 2021

How does ASM's dos strategy return the interception response page

How does ASM's dos strategy return the interception response page? Is it possible to achieve DoS protection for behavioral and stress-based interception and return to the response page through irules?

  • Hi longyuan,

     

    Behavioral DoS is much more effective against mitigating multi-vector Layer 7 DoS attacks.

    Stress-based DoS is better at defining specific rate limits.

    Technically it is possible to configure both protections concurrently, complementing each other.

    From experience I recommend against configuring both of them together. BaDOS alone is fine, it works reliable. Setting threshold values for for stress-based mitigation can be cumbersome and is error prone.

     

    Details about the mitigation methods can be read here:

    https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html

     

    KR

    Daniel