20-Jun-2021 07:36
How does ASM's dos strategy return the interception response page? Is it possible to achieve DoS protection for behavioral and stress-based interception and return to the response page through irules?
20-Jun-2021 12:32
Hi longyuan,
Behavioral DoS is much more effective against mitigating multi-vector Layer 7 DoS attacks.
Stress-based DoS is better at defining specific rate limits.
Technically it is possible to configure both protections concurrently, complementing each other.
From experience I recommend against configuring both of them together. BaDOS alone is fine, it works reliable. Setting threshold values for for stress-based mitigation can be cumbersome and is error prone.
Details about the mitigation methods can be read here:
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html
KR
Daniel
20-Jun-2021 22:53
There in no response page you can configure, attackers will get a TCP reset.
See here: K04550557: Overview of BIG-IP ASM blocking response