Wasfi_Bounni
Jan 22, 2024Cirrocumulus
Which one is applied when both rate limiting and captcha challenge for device ID in a DOS profile?
Hi;
In the ASM, say if under TPS-based detection, by source IP, let's say I choose both captcha and request blocking "Rate Limit", which one is applied first? when reaching the threshold?
Kindly
Wasfi
Hello,
you can check out this below link, it is mentioned that:
"The mitigation methods that you select are used in the order they appear on the screen. The system enforces the methods only as needed if the previous method was not able to stem the attack."
So the order should be:
- JavaScript challenges (also called Client-Side Integrity Defense)
- CAPTCHA challenges
- Request blocking (including Rate Limit or Block All)
Thanks,
Mohamed Salah