--> Let us take a scenario where an attacker is performing lots of attacks on our web application which is running behind ASM.
--> You want to block the users/IP addresses that are generating a lot of violations or sending illegal traffic to the web application for a certain period of time in order to safeguard your web application.
--> This can be achieved on the ASM by using the feature known as "Session Tracking".
--> The Session Tracking feature on ASM provides session awareness based upon username/IP address/Device ID/Session ID.
--> We can use session tracking to track, enforce, and report on user sessions, device IDs, and IP addresses.
--> In order to identify a client session on the web application, ASM uses the following methods:
i) Using the ASM cookie to identify the session ID
ii) Using the Login Page to identify the username
iii) Creating the device ID to track the device
iv) Using the IP address
--> By default, the Session Awareness feature is not enabled on the security policy of ASM.
--> The advantage of using session tracking is that you are able to identify the user, session, device ID, or IP address behind an attack.
Configuration:
Step1: Enable Session Tracking by navigating to Security > Application Security > Sessions and Logins > Session Tracking
Step2: Configure Session Tracking based upon username, IP address, Device ID, or Session ID, and set the action to either block all URLs or block authenticated URLs.
Step3: Enable blocking based upon session tracking under Learning and Blocking Settings.
You have successfully enabled Session Tracking on the security policy.
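The behaviour configured above can be pictured with a small model. This is an added example, not F5 code and not ASM's actual algorithm: the class name, the threshold, window and block period values, and the sample identifiers are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; on ASM these are set per security policy.
THRESHOLD = 3        # violations tolerated inside WINDOW
WINDOW = 900         # seconds over which violations are counted
BLOCK_PERIOD = 600   # seconds the identifier stays blocked

class SessionTracker:
    """Simplified model of violation-based blocking per tracked identifier."""
    def __init__(self, block_mode="all"):
        # block_mode: "all" = block all URLs, "authenticated" = block only
        # URLs that require a login (the two actions named in Step2).
        self.block_mode = block_mode
        self.violations = defaultdict(deque)   # (kind, value) -> timestamps
        self.blocked_until = {}                # (kind, value) -> expiry time

    def record_violation(self, key, now):
        q = self.violations[key]
        q.append(now)
        # Drop violations that fell out of the counting window.
        while q and q[0] <= now - WINDOW:
            q.popleft()
        if len(q) > THRESHOLD:
            self.blocked_until[key] = now + BLOCK_PERIOD
            q.clear()

    def is_blocked(self, keys, now, authenticated_url):
        """keys: identifiers seen on the request, e.g. ("ip", "203.0.113.7")."""
        if self.block_mode == "authenticated" and not authenticated_url:
            return False
        for key in keys:
            expiry = self.blocked_until.get(key)
            if expiry is not None:
                if now < expiry:
                    return True
                del self.blocked_until[key]    # block period is over
        return False

def demo():
    t = SessionTracker(block_mode="all")
    ip, user = ("ip", "203.0.113.7"), ("username", "alice")  # constructed
    for ts in (0, 10, 20, 30):                 # four violations in 30 seconds
        t.record_violation(ip, ts)
    return [
        t.is_blocked([ip, user], 31, authenticated_url=False),  # IP is blocked
        t.is_blocked([user], 31, authenticated_url=False),      # other key is not
        t.is_blocked([ip], 30 + BLOCK_PERIOD, authenticated_url=False),  # expired
    ]
```

Tracking by username or device ID instead of IP address only changes the key that is counted, which is why a block tied to one identifier does not follow the client when a different identifier is tracked.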
Ref: F5.com
Md.Kareemoddin,
CCIE #54759, F5 CTS