Forum Discussion

Nimbostratus

Oct 11, 2017

Rate limiting - one req per second?

Using ASM - DoS or iRules is it possible to limit one request per second per session? We've had pen testers in the past manage to send 200 requests simultaneously using Burp Sniper multi threaded to...

Employee

Oct 15, 2017

With ASM or AFM you can use Dos Profile settings...

Security ›› DoS Protection : DoS Profiles ›› Create New DoS Profile...

 Application Security ›› TPS-based DoS Detection
    TPS reached:  xxx transactions per second

You will need to experiment to determine appropriate values for these settings. If you enable DeviceID in your ASM policy, the client must support Javascript, and may be blocked if it does not do so (even for a policy in Alarm only or Transparent mode). You should also establish a baseline of acceptable traffic levels before trying to exceed TPS detection.

ASM Webscraping protection may also be of value ...

Security ›› Application Security : Anomaly Detection : Web Scraping

Forum Discussion

Rate limiting - one req per second?

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Introduction to F5 Distributed Cloud Console Rate Limiting Feature

Rate Limiting SSL VPN User Traffic

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

Mitigating OWASP API Security Risk: Lack of Resources and Rate Limiting using F5 XC Platform

Rate Limit HTTP Requests