Protect your AWS API Gateway with F5 BIG-IP WAF

Nice article, Graham! I was thinking that ASM really needs tools to be able to defend against small scale API automation attacks by throttling or rejecting bad actors. ASM has native bot detection tools, but most of them rely on classic device detection (which uses Javascript insertion, which isn't an option for an API), or provide protection for larger-scale attacks such as DDoS. It seems like this can really only be accomplished right now with an iRule. Something like this built right into ASM would be great not only for on-prem but also for cloud WAF deployments such as you feature in your article.