Forum Discussion
Protection against XSS cross-scripting infinite attack tries.
Dears,
The F5 ASM is doing its job by blocking the XSS cross-scripting attacks; this is done by the built-in signatures of the WAF. But I am still able to keep trying my scripting attacks, so in theory a real attacker will be able to keep trying to attack the website.
I want to know if I have any way to track the number of XSS scripting attacks and block the IP address after a number of tries. I am not sure if this is done by any mechanism of DoS protection or brute-force protection, or maybe I can create a customized signature to track the number of attacks?
Please let me know the best approach to prevent such an attack pattern after a number of XSS tries.
Looking forward to hearing from you.
Regards, Muhannad
3 Replies
- Tzoori_Tamam_95 (Historic F5 Account)
Hi Muhannad, You can certainly use the Session Tracking feature in ASM, where you are able to block an IP, a session, or a username after committing a number of violations. Check this chapter in the manual.
- Muhannad_64809 (Nimbostratus)
Dear Tzoori, Many thanks for the information, I will try it soon. Regards, Muhannad
- ltwagnon (Ret. Employee)
Muhannad, here's an article on username and session tracking that might help you: https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking