Forum Discussion
ltwagnon
Sep 20, 2013Ret. Employee
Have you tried the session based anomaly detection? If you generated 3500 new sessions in 10 seconds, you should be able to configure the ASM to detect an abnormal number of new sessions in a given time period and block based on those settings. Here's a link to an article I wrote on session and transaction based anomaly detection/mitigation: https://devcentral.f5.com/articles/these-are-not-the-scrapes-youre-looking-for-session-anomalies.UjxueLEo7IU
Essentially what happens is that the ASM detects the number of sessions opened per second and, if too many sessions are opened, it starts blocking requests.
I hope this helps! John