Can ASM block repeat requests in a specific time interval

Question

Hi,
We are relatively new to ASM and although covered the course I've had a question from the user I'm not sure about. When a user connects to the application they are given a unique reference. What we want to do is to be able to limit the number of a specific request type that a user can submit within a given time frame. For example for a specific connection we only want to allow 3 of Request Type A per minute. Is this achievable within ASM and/or irules ? Identifying the Reference and Request type is not an issue, I just can't figure how I might be able to count over a time interval and then block&nbsp;
many thanks for any tips, even to say if it can't be done&nbsp;

pragathishakart · Answer

I have just searched for the similar query raised by you. I hope it may be useful. Please read from the section "Setting up ASM session tracking with APM" in the below link.&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0/12.html?sr=34162090&nbsp;

sanjayp · Answer

using ASM you can limit rate of requests (HTTP Throttling), configuring DoS protection settings (version prior to 11.3 it is part of ASM policy under Anomaly detection --&gt; DoS attack prevention.) 
If you want to limit type of HTTP requests (GET/POST/PUT/DELETE) per minute iRule is the only way.
- Sanjay

Forum Discussion

Can ASM block repeat requests in a specific time interval

2 Replies

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

Logging DNS Requests

Distributed caching of authentication requests with NGINX Ingress Controller

find specific SNMP OID

Load balancing method specific decision

F5 AWAF - bypass request based on the pressence of a request header - value