Forum Discussion
samstep
Feb 22, 2016Cirrocumulus
Yes, it is the application DDoS attacks and ASM uses multiple ways of protection.
ASM determines if request is from humans by injecting a special JavaScript snippet into the pages you want to protect. This JavaScript detects things like mouse movements,page scrolls, key presses as well the speed of navigation between pages.
ASM can also send a CAPTCHA challenge to tell a human and a bot apart.
You can find the detailed answers to your questions in the F5 ASM manual here:
Hope this helps,
Sam