Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Preventing DDoS attacks on SMS URL


Dear Community,

I am facing DDoS attacks on one of our application. The attacker is sending hundred of requests to a URL, which is consuming all of our SMS quota. The attack is originating from multiple IPs. Please inform how I can protect this application API from this kind of DDoS attack from appliation code level. I need help from application security experts and web developers. is frontend & is backend api 

Sample of DDoS reqeust:

POST /asdf/service/sendmobilecode HTTP/1.1


Authorization: ***********

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Content-Type: application/json




Kind Regards



If this is happening now.

Call f5 support and raise a sirt call.

They'll help you with that asap.

That's what they're there for!

If you have ASM provisionned then use DDOS profile. The hardest part maybe trying to find the tresholds that suit your application usage patterns.


Community Manager
Community Manager

I concur with the DDoS profile from AWAF. Another thing you could try (much less expensive than AWAF) would be to put up F5 XC WAF in front of it. That is maybe a 5 minute opration to get it WAF'd. If you need help finding your SE to help try it before you buy it, let me know. I'm happy to help.