Hi All,
I have a question on the below info.
Per URL:
In this case my understanding is that once the total latency or TPS threshold is crossed for a single URL that the ASM will throttle requests to the historical average. I do not believe there is delineation between attacking IP addresses and legitimate traffic, as the it is just looking at traffic rates to a single URL on your site and trying to keep those in check. This way some legitimate traffic should get through but most likely some will get stopped.
We are testing some F5 ASM URL based throtteling rules on F5 to protect our backend servers.
Every time when F5 detects the DoS attack, it starts allowing approx. 3-5 TPS traffic to backend servers. So I am not understanding on basis it is arriving to that figure.
Also please provide me the following info,
Where can I check the Historical average parameter in F5 server......? and
Is there any way to modify/clear the same ...? If yes, how......!!!
Regards
Govindraj B H