For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Anuj_327707's avatar
Anuj_327707
Icon for Nimbostratus rankNimbostratus
Sep 26, 2018

How to block an attack on basis of x-ms-forwarded-client-ip

Hello Team,   I am looking for assistance to block attack over my application using F5. Unfortunately, all other network points are not an option as we can detect attack using only x-ms-forwarded-...
application delivery
ASM Advanced WAF
LTM
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Sep 26, 2018

Hi,

 

In fact you can create an ddos profile and specifiy how to detect attackers and which mitigation to use: - By Source IP (but in this case the profil don't use an specific header but real ip source) - By Device ID:

 

You can try preventing ddos usig device ID, just be carefull because this feature will block requests from clients that do not support JavaScript, even if the security policy is in Transparent mode.

 

So before trying to set an irule a advise you to use device ID (The device ID is a unique identifier that ASM creates by sending JavaScript to get information about the client device.)

 

For that Go to ASM then ddos --> Application Security ›› TPS-based DoS Detection

 

How to detect attackers and which mitigation to use: By Device ID

 

let me know if it's enough for you ifnot i can help you if an irule is need.

 

regards