NimbostratusApplication attack from different source IPs
Hello WaterSoup,
there are a couple of possible mitigations:
- IP Intelligence Subscription - will protect you from known bad actor IP addresses.
- Bot Defense - offers multiple ways of discovering and mitigating bots.
- Behavioral DoS (L7 DoS) Protection - offers a ML approach to mitigatie Layer 7 DDoS attacks.
- API Protection with APM - helps you to easily configure rate-limiting and add authentication to your API.
Before you apply any of these, please update to BIG-IP 14.1 (appliance) or 15.1 (VE). See K54845583: F5 Support recommendations for selecting your next version of BIG-IP or BIG-IQ, there it says:
"At a minimum, F5 recommends that you upgrade your BIG-IP appliances to at least BIG-IP 14.1 and your BIG-IP VEs to at least BIG-IP 15.1."Also upgrading to 14.1 will allow you to use AWAF. Some of the above mentioned features might not be available in 13.1. Please read this devcentral article regarding the upgrade: From ASM to Advanced WAF: Advancing your Application Security
If all the above won't help you to mitigate the attacks - contact F5 and ask for Shape.
Or take a look at the latest and greatest from F5: Web App and API Protection (WAAP)KR
Daniel
