Session Tracking with ASM - Block All Vs Delay Blocking

Question

Hi Guys,&nbsp;
I'm just looking to understand exactly the difference between the 'Block All' and 'Delay Blocking' options for session tracking on ASM policy. Both seem to block after a defined threshold is reached and will block for a defined period of time.&nbsp;
It looks like the 'Delay Blocking' options is more granular however I expect that there is something significant I am overlooking.&nbsp;
Also, the application I wish to use session tracking on does not have a login page. As a result I will be setting the 'Application Username' to 'none'. Will this allow me to still accurately track if an individual is spamming the application?&nbsp;
Thank you&nbsp;

erik_novak · Answer

The difference between "block all" and "delay blocking" is that with delay blocking you can defer blocking of a session or an IP address because you want to tolerate a low volume of violations, instead of immediately blocking any request that violates the policy. In many cases there is a forensic reason for doing this, in the event that you wish to observe the actions of a specific client. By not tracking "user name" you will not be able to view user names or login pages specifically, but ASM will still track HTTP session information.

Forum Discussion

Session Tracking with ASM - Block All Vs Delay Blocking

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 XC Session tracking with User Identification Policy

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Block IP after a number of ASM Blocks

Block traffic

Link Tracking

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS