Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
F5 BIG-IP Access Policy Manager Security Technical Implementation Guide
SRG-NET-000053-ALG-000001
SRG-NET-000053-ALG-000001
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000053-ALG-000001
1 Rule
<GroupDescription></GroupDescription>
The F5 BIG-IP appliance must be configured to set the "Max In Progress Sessions per Client IP" value to 10 or less.
Low Severity
<VulnDiscussion>The "Max In Progress Sessions Per Client IP" setting in an APM Access Pro?le is a security con?guration that limits the number of simultaneous sessions that can be initiated from a single IP address. This is particularly helpful in preventing a session ?ood, where a hacker might attempt to overwhelm the system by initiating many sessions from a single source. By capping the number of sessions per IP, this setting can help maintain the system's stability and integrity while also providing a layer of protection against such potential attacks. False positives may result from this setting in networks where users are behind a shared proxy. Sites should conduct operational testing to determine if there are adverse operational impacts. Log reports should be obtained to identify recurring IP sources within the user community.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>