My environment : F5 ltm, ASM learning mode.
Webapp: Public facing site with many pages with few search pages and filtering pages.
I see many people are hitting the site with unknow query string and trying to flood the site.
Is there a way to remove all the query string parameters and redirect to the url with out query string like url redirect module.
I want to exclude some pages that allow content filtering like using query string .
Do we want to use Irule to achieve this or ASM/LTM module has a better solution. I rules sure I can achieve this, but not sure if this is the best solutions.
Frequently someone/bot/crawler is trying to hit to make the CPU run very high like a DDOS kind of attack.
Any pointer is appreciated.
@KeesvandenBos has provided a viable iRule solution, for a specific attack but to continue answering the second part; yes! Advanced WAF has denial of service capabilities specifically to mitigate these types of attacks.
Here is a great video overview of how behavioral DoS can react to stress on your backend systems and mitigate aggressive requests.
There's an entire implementations guide "Preventing DoS Attacks on Applications"
And well, because a lot of these types of requests are automated, F5's bot defense can help you identify and mitgate automated requests.