How to Detect and Block a Web Application?

ASM can distinguish between requests from standard browsers and requests from bots or "headless" browsers which may have untrustworthy user agent strings. Depending on your version of ASM, a DoS profile can be created to challenge requests from suspected clients or suspicious IPs.

In v12, DoS profiles are sophisticated, and reflect some new, multi-dimensional behavioral analysis techniques for identifying legitimate requests. You have the capability to apply block and alarm actions on different categories of bots. There are very specific controls for allowing known bots or other agents. If you have an earlier version of ASM, Proactive Bot Defense can be configured to detect suspicious agents based on different variables. In your case, it sounds like you could create a DoS Profile which would indicate when a request was not from an allowed browser.