Forum Discussion

Cirrus

May 22, 2019

Preventing thir party lookup field from being abused

Hi,

We have a web app that includes a look up with a third party. We have identified that a user could smash this lookup hard resulting in many requests being sent and each one resulting in a fee. Is there something in ASM that can be used in order to prevent this from occurring? It is worth noting the the URLs include a dynamic guid so the URL will never be the same for different users.

Essentially we would want to limit replay attack and also replay attack with modified details, eg attacker changes unique values, adds X-Forwarded-For headers etc, or if they used bots to assault the lookup.

Thank you

No RepliesBe the first to reply

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Preventing thir party lookup field from being abused

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Unable to download files greater than 4GB. Running version 15.1.5.1

F5 Distributed Cloud Services Simulator Connect

Entra ID F5 APM MDM Intune integration compliance check

Replacing i2800 pair with new F5-BIG-AFM-r2800

Efficient Method to Compare F5 Configurations

Related Content

SNI Routing with DNS Lookup

Operationlizing Online Fraud Detection, Prevention, and Response

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

HTTP error 503, DNS lookup failed

DNS Resolution via iRules: NAME::lookup vs RESOLV::lookup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS