Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Preventing DDoS attacks on SMS URL

iRule
Cirrus
Cirrus

‎08-Jun-2022 14:04

Dear Community,

I am facing DDoS attacks on one of our application. The attacker is sending hundred of requests to a URL, which is consuming all of our SMS quota. The attack is originating from multiple IPs. Please inform how I can protect this application API from this kind of DDoS attack from appliation code level. I need help from application security experts and web developers.

https://abc.com is frontend & xyz.com is backend api 

Sample of DDoS reqeust:

POST /asdf/service/sendmobilecode HTTP/1.1

Host: xyz.com

Authorization: ***********

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Content-Type: application/json

Origin: https://abc.com

Referer: https://abc.com/

{"number":"91234567890"}

Kind Regards

 

0 Kudos
3 REPLIES 3

PSFletchTheTek
MVP
MVP

‎08-Jun-2022 14:22

If this is happening now.

Call f5 support and raise a sirt call.

They'll help you with that asap.

That's what they're there for!

Amine_Kadimi
MVP
MVP

‎08-Jun-2022 16:28

If you have ASM provisionned then use DDOS profile. The hardest part maybe trying to find the tresholds that suit your application usage patterns.

https://support.f5.com/csp/article/K13410341

 

AubreyKingF5
Community Manager
Community Manager

‎06-Jul-2022 07:52

I concur with the DDoS profile from AWAF. Another thing you could try (much less expensive than AWAF) would be to put up F5 XC WAF in front of it. That is maybe a 5 minute opration to get it WAF'd. If you need help finding your SE to help try it before you buy it, let me know. I'm happy to help.

0 Kudos
Copyright © 2023 Khoros, LLC