Forum Discussion
3 Replies
Hi longyuan,
Behavioral DoS is much more effective against mitigating multi-vector Layer 7 DoS attacks.
Stress-based DoS is better at defining specific rate limits.
Technically it is possible to configure both protections concurrently, complementing each other.
From experience I recommend against configuring both of them together. BaDOS alone is fine, it works reliable. Setting threshold values for for stress-based mitigation can be cumbersome and is error prone.
Details about the mitigation methods can be read here:
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html
KR
Daniel
- longyuanAltostratus
How to set the intercept response page for dos attack?
There in no response page you can configure, attackers will get a TCP reset.
See here: K04550557: Overview of BIG-IP ASM blocking response