ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Problem this snippet solves: For attackers that cause too many violations it is better to block them at the start of the HTTP_REQUEST or CLIENT_ACCEPTED events as the ASM/WAF processing causes too ...
Updated Jan 31, 2023
Version 3.0
ASM Advanced WAF
devops
fingerprint
iRules
Security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jul 15, 2021

Hi  ,

 

nice iRule. How would you compare this solution with Session Awareness as described in https://support.f5.com/csp/article/K02212345? Session Awareness gives additional categories for blocking based on Device IP or Session.

 

KR

Daniel