Mitigate L7 DDoS with BIG-IP ASM
Published Nov 28, 2017
Version 1.0Was this article helpful?
Hi Piotr,
The "Honeypot" in the video is a simple iRule
ifile
call (for demo purposes only):
when IN_DOSL7_ATTACK {
log local0.warning "Attacker IP: $DOSL7_ATTACKER_IP, Mitigation: $DOSL7_MITIGATION"
if { $DOSL7_MITIGATION contains "Rate Limiting" } {
HTTP::respond 403 content [ifile get ifile_HONEYPOT]
log local0.warning "Honeypot!"
}
}
In production - I have a customer that simply redirects traffic to a specific pool / member which forwards traffic to a "real" Honeypot server for analysis etc.