Web Attacks in IP Intelligence Vs ASM Policy

Question

Hi,&nbsp;
We have a variety of applications that each have ASM policies to protect against web attacks etc. We also have IP Intelligence enabled in monitoring mode at the moment which we will switch to blocking mode for some categories shortly. &nbsp;
One of the available categories in the IPI setup is "Web Attacks". I am curious as to whether there is any benefit or risk enabling this if I already have a tailored, configured ASM policy. Which takes precedence, the ASM Policy Rules or the IPI Rules if they are each running. &nbsp;
I expect if both the ASM Policy and IPI web attack prevention are each enabled, then the traffic would be subject to both sets of rules?&nbsp;
Thank you.&nbsp;

nathe · Answer

saidshow&nbsp;
The traffic will be subject to both, however, as IPI works at the network layer then this will be triggered first, if the source IP was a known, malicious IP address, for instance.&nbsp;
IPI works hand in hand with the security features of both AFM and ASM and adds an extra layer of possible protections.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Web Attacks in IP Intelligence Vs ASM Policy

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

IP-Intelligence and IP-Shunning

Traffic Intelligence in AFM through Categories

F5 Threat Intelligence - Helpers Behind the Scenes

ESRP Strategies: DNS Water Torture Attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS