For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Mitigating OWASP API Security Risk: Lack of Resources and Rate Limiting using F5 XC Platform

Introduction: The Introductory article covered brief presentation of OWASP Top 10 Web Application and API Protection (WAAP). This article is continuation of the series and shows mitigating API Vuln...

Updated Jun 23, 2023

Version 4.0

cloud

F5 Distributed Cloud

F5 Distributed Cloud WAAP

OWASP-API-Security

security

series-f5-distributed-cloud

Verified Designs

chaithanya_dileep

Employee

Joined February 25, 2022

View Profile

Nikoolayy1

MVP

Oct 09, 2022

Nice article but shouldn't the F5 Shape security in most cases detect the bad bot traffic from Jmeter even if the source ip addresses and User-Agent headers are changed (Jmeter supports changing User-Agent headers and most modern bots rotate the source ip addresses and user-agent headers) and block it? Maybe the Rate Limit is as a second option if the Bot is really new and advanced till Shape Security blocks it?

Mitigating OWASP API Security Risk: Lack of Resources and Rate Limiting using F5 XC Platform

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS