Forum Discussion
L7 DoS Profile
With respect to your first question, yes - all mitigation methods are tried sequentially - if the attack cannot be mitigated using the first method, ASM will move down the list of enabled mitigations.
For question 2, ASM tracks latency for all the URLs that traverse the policy. It uses a proprietary algorithm to compare latencies of individual URls across site-wide average latency and thus classify certain URLs as heavy based upon the URLs that frequently exhibit higher latency than others.
For question 3, I have always been a fan of latency-based approach as long as once knows what acceptable application latency is. TPS-only is great if you want to more proactively limit access to site/URLs above certain volume - but, typically, latency is the most accurate indicator of the backend application health and performance abilities.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com