Session Tracking with ASM - Block All Vs Delay Blocking

Question

Hi Guys,&nbsp;
I'm just looking to understand exactly the difference between the 'Block All' and 'Delay Blocking' options for session tracking on ASM policy. Both seem to block after a defined threshold is reached and will block for a defined period of time.&nbsp;
It looks like the 'Delay Blocking' options is more granular however I expect that there is something significant I am overlooking.&nbsp;
Also, the application I wish to use session tracking on does not have a login page. As a result I will be setting the 'Application Username' to 'none'. Will this allow me to still accurately track if an individual is spamming the application?&nbsp;
Thank you&nbsp;

erik_novak · Answer

The difference between "block all" and "delay blocking" is that with delay blocking you can defer blocking of a session or an IP address because you want to tolerate a low volume of violations, instead of immediately blocking any request that violates the policy. In many cases there is a forensic reason for doing this, in the event that you wish to observe the actions of a specific client. By not tracking "user name" you will not be able to view user names or login pages specifically, but ASM will still track HTTP session information.

Forum Discussion

Session Tracking with ASM - Block All Vs Delay Blocking

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Block traffic

domain blocking

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Block IP after a number of ASM Blocks

Link Tracking