Protection against XSS cross-scripting infinte attacks tries.

Question

Dears,&nbsp;
The F5 ASM is doing its job by blocking the XSS cross-scripting attacks and block the attack, this is done by the built-in signatures of the WAF. but i still able to keep trying my scripting attacks, so in theory a real attacker will be able to keep trying to attack the WebSite.&nbsp;
I want to know if i have anyway to track the number of the XSS scripting attacks and block the IP address after number of tries, i am not sure if this done by any mechanism of DOS protection or brute-force protection or maybe i can create a customized signature to track number of attacks?&nbsp;
Please let me know the best approach to prevent such attack pattern after number of XSS tries.&nbsp;
Looking forward to hearing from you.&nbsp;
Regards,
Muhannad&nbsp;

tzoori_tamam_95 · Answer

Hi Muhannad,
You can certainly use the Session Tracking feature in ASM, where you are able to block an IP, a session, or a username after committing a number of violations.
Check this chapter in the manual.&nbsp;

ltwagnon · Answer

Muhannad, here's an article on username and session tracking that might help you: https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-9-username-and-session-awareness-tracking

muhannad_64809 · Answer

Dear Tzoori,

Many thanks for the information, i will try it soon.

Regards,
Muhannad

Forum Discussion

Protection against XSS cross-scripting infinte attacks tries.

3 Replies

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

Cross Site Scripting (XSS) Exploit Paths

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting