F5 BIG-IP ASM - L7 DDoS Mitigation



This summer I wrote about F5 BIG-IP ASM and made several videos showing how to configure the Web Application Firewall (WAF). For instance, I recorded videos about Session Based Brute Force Mitigation, Web Scraping Mitigation or Cookie Tampering. This week I've made a new video about L7 DDoS Mitigation, which is useful for blocking DDoS attacks. It differs from Layer 7 DoS Mitigation because it takes into account that lots of computers can be behind the same IP address. Therefore, it's able to block individual PCs regardless of the IP address.

BIG-IP ASM has three mitigation methods to use against attacking IPs. The first is Client Side Integrity Defense, where PCs are sent a JavaScript challenge that they have to solve. If the client is not a bot, the browser will be able to solve the challenge and the F5 will consider the PC legitimate. However, if the PC isn't able to solve the challenge, its requests will be blocked. The second is a CAPTCHA challenge, where the user has to solve the CAPTCHA to access the website. The last is Request Blocking, where requests are blocked when a threshold is exceeded.

Client Side Integrity Defense - Flow

The Client Side Integrity Defense method is useful for telling whether requests come from users or machines. However, once the L7 DoS attack starts, PCs have to solve the JavaScript challenge, which is a little computationally demanding for them. You can notice this in the video. In addition, these mitigation methods can be configured with additional features such as Recording Traffic, which automatically records traffic during DoS attacks, or Trigger iRule, for handling DoS events in a customized manner.
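The following sketch models the idea behind a client-side challenge and why it can separate clients that share one IP address. It is an added example, not F5's code or algorithm: the hash puzzle, the HMAC-tagged nonce, the `DIFFICULTY` value and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # WAF-side secret, generated for this example
DIFFICULTY = 12                # leading zero bits required (assumed value)

def issue_challenge():
    """WAF side: return (nonce, tag). The HMAC tag makes the nonce unforgeable."""
    nonce = secrets.token_hex(8)
    return nonce, hmac.new(KEY, nonce.encode(), hashlib.sha256).hexdigest()

def meets_target(nonce, counter):
    """True when sha256(nonce:counter) starts with DIFFICULTY zero bits."""
    digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY) == 0

def solve(nonce):
    """Browser side: the work an injected script would perform (costs CPU)."""
    counter = 0
    while not meets_target(nonce, counter):
        counter += 1
    return counter

def verify(nonce, tag, counter):
    """WAF side: accept only an authentic nonce with a valid answer."""
    expected = hmac.new(KEY, nonce.encode(), hashlib.sha256).hexdigest()
    return (counter is not None and hmac.compare_digest(tag, expected)
            and meets_target(nonce, counter))

def decide(clients):
    """Challenge every client; the verdict never looks at the source IP."""
    verdicts = {}
    for name, _ip, runs_javascript in clients:
        nonce, tag = issue_challenge()
        answer = solve(nonce) if runs_javascript else None
        verdicts[name] = "allow" if verify(nonce, tag, answer) else "block"
    return verdicts

# Constructed sample: three clients behind one NAT address (documentation range).
CLIENTS = [
    ("office-laptop", "203.0.113.10", True),
    ("office-phone", "203.0.113.10", True),
    ("flood-script", "203.0.113.10", False),  # sends requests, runs no JavaScript
]

if __name__ == "__main__":
    for name, verdict in decide(CLIENTS).items():
        print(f"{name:14} 203.0.113.10 -> {verdict}")
```

Raising `DIFFICULTY` doubles the average client work per extra bit, which is the trade-off behind the CPU cost mentioned above.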

JavaScript Challenge
 
If you want to know what I’m writing about, see the next video:


Regards my friend and remember, keep studying!!
