For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Problem this snippet solves: For attackers that cause too many violations it is better to block them at the start of the HTTP_REQUEST or CLIENT_ACCEPTED events as the ASM/WAF processing causes too ...
Updated Jan 31, 2023
Version 3.0
ASM Advanced WAF
devops
fingerprint
iRules
security
Nikoolayy1's avatar
Icon for MVP rankMVP
NGFW and WAF Tech Expert with more than 5 years of experience in the field of Cybersecurity, Automation, Orchestration and over 10 years in IT.
View Profile
Nikoolayy1's avatar
Icon for MVP rankMVP
NGFW and WAF Tech Expert with more than 5 years of experience in the field of Cybersecurity, Automation, Orchestration and over 10 years in IT.
View Profile
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jul 15, 2021

Hi  ,

 

nice iRule. How would you compare this solution with Session Awareness as described in https://support.f5.com/csp/article/K02212345? Session Awareness gives additional categories for blocking based on Device IP or Session.

 

KR

Daniel