DoS Profile (ASM) - Rate limiting implementation

Question

ASM has a DoS profile with TPS-based detection, by Device IP. Offenders can be rate limited. &nbsp;
How does this rate limiting apply? Is it layer 4 or layer 7? 
If TCP, does it drop TCP packets (no ACK) or does it drop the TCP connection?&nbsp;
This is not described in the documentation and different implementations would have very different impact for legitimate users who are flagged as offenders (false positives).&nbsp;

samstep · Answer

It depends on how you configure it. If you are worried about false positives ASM can issue a CAPTCHA challenge to suspicious IP addresses instead of blocking, it can also shows the blocking page or just block the IP address.&nbsp;
Documentation can be found here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/2.html&nbsp;

Forum Discussion

DoS Profile (ASM) - Rate limiting implementation

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Implementing SSL Orchestrator with OPSWAT MetaDefender

SSL Profiles Part 3: Certificate Chain Implementation

Implementing Data Guard

Implement WAF service

Rewrite profile limit on URI rules