Forum Discussion

Company_B_88989's avatar
Company_B_88989
Icon for Nimbostratus rankNimbostratus
Mar 02, 2017

ASM: How to block a user holding down F5 Key

A user holding down the F5 key causes constant refreshes and creates too much traffic in our backend. We have the ASM Module and have tried different DOS profile settings, specifically TPS-based and Stress-based detection. We set it to use CAPTCHA, but after holding down the F5 key, CAPTCHA does not come up and the site hangs.

 

Another factor, we do not want to block by IP, only by device. We have multiple customers behind the same external IP and do not want to lock them out.

 

Any suggestions?

 

ASM Advanced WAF
security

4 Replies

Sort By
  • Jason0_309417's avatar
    Jason0_309417
    Icon for Cirrus rankCirrus
    Mar 02, 2017

    What TPS limits have you tried? You can always put an iRule in place while you workout the ASM policy. Something to display an error message or do an HTTP::close. 

    when HTTP_REQUEST {

    if {[info exists refresh_count] } {

        if { [HTTP::header value "If-Modified-Since"] ne ""  } {
            incr refresh_count
        }

        if { $refresh_count > 10 } {
            HTTP::respond 200 content "Nope"
        }

    } else {
        set refresh_count 0
    }

}
    • Company_B_88989's avatar
      Company_B_88989
      Icon for Nimbostratus rankNimbostratus
      Mar 02, 2017

      Thanks, I am going to try the iRule.

       

      The holding down F5 key doesn't even trigger a DOS most of the time yet we see hundreds of db connections. We are trying this in a test environment, so the increases TPS by 500% and 5 TPS does not trigger the DOS.

       

      I can only trigger the DOS by putting the TPS at 1 and tapping F5, which gives me the CAPTCHA page (when set).

       

    • Jason0_309417's avatar
      Jason0_309417
      Icon for Cirrus rankCirrus
      Mar 02, 2017

      You may also want to look the the "Connection Rate Limit" and "Connection Limit" fields on the virtual server configuration page.