Is there a way to have Proactive Bot Defense in Transparent mode (v12)?
I am working on a new DoS profile and would like to not have it block requests but alert on them so I can get a good idea of what configuration tweaks I need to make. Is there any way to only have it alert when it normally would block/CAPTCHA a request that it sees? The current ASM policy is in blocking mode and I would like to keep it that way while the DoS profile is being "tested". Thank you!How to assign a DOS profile to a single URI?
I am in the process of creating a TPS and heavy URL DOS profile for a specific URI on a website (example: ) but do not want it applied to any other part of the even though it is on the same web server. Without using an iRule, is it possible to just assign the DOS profile to /protectme/link? Thank you.
DoS Profile - URL Detection criteria question
Hello, My question is related to the way the F5 detects a DoS when we use the URL detection criteria under the TPS-based anomaly. When calculating the TPS, does it have into account the source IP or it just adds the total of requests for the same URL? From my understanding, if the engine sums all the requests for a URL and the thresholds are reached, then it will start blocking not only the attacker but also legitimate traffic, is this the expected behaviour? On the other hand, how does the DoS engine detect that an attack has finished? Thanks.