Forum Discussion

saidshow_251381's avatar
saidshow_251381
Icon for Cirrostratus rankCirrostratus
Dec 07, 2016

Session Tracking with ASM - Block All Vs Delay Blocking

Hi Guys,

 

I'm just looking to understand exactly the difference between the 'Block All' and 'Delay Blocking' options for session tracking on ASM policy. Both seem to block after a defined threshold is reached and will block for a defined period of time.

 

It looks like the 'Delay Blocking' options is more granular however I expect that there is something significant I am overlooking.

 

Also, the application I wish to use session tracking on does not have a login page. As a result I will be setting the 'Application Username' to 'none'. Will this allow me to still accurately track if an individual is spamming the application?

 

Thank you

 

  • The difference between "block all" and "delay blocking" is that with delay blocking you can defer blocking of a session or an IP address because you want to tolerate a low volume of violations, instead of immediately blocking any request that violates the policy. In many cases there is a forensic reason for doing this, in the event that you wish to observe the actions of a specific client. By not tracking "user name" you will not be able to view user names or login pages specifically, but ASM will still track HTTP session information.