Anuj_327707
Sep 26, 2018Nimbostratus
How to block an attack on basis of x-ms-forwarded-client-ip
Hello Team,
I am looking for assistance to block attack over my application using F5. Unfortunately, all other network points are not an option as we can detect attack using only x-ms-forwarded-client-ip
Application has SSL offloaded on F5 thus F5 has full visibility to the connection. Also, we have ASM in our environment but it is just enabled and not being used for now.
So, our application is facing brute force attack but the source IP is visible only in x-ms-forwarded-client-ip. I need to build some rule within LTM or ASM that may detect a DOS attack is lets say we have 2000 connections from same x-ms-forwarded-client-ip within a second or so.
Is this possible using ASM or any Irule?
Regards, Anuj