Jaspreetgurm
Sep 10, 2021Altocumulus
OTP Flood Attack mitigation
We have application which is sitting behind our F5 WAF, where application receiving high voulme of OTP request on server to generate OTP SMS by attacker. People receiving unwanted OTP message on their mobile.
I have configured an iRule which limiting the request in 3 request in 5 min max and it is working. but attacker using different ISP ip to flood the OTP request.
Can someone please assist here, how to mitigate such attack with help of F5 WAF policy.