One of our customers webserver is hosted with us and its behind the ASA & IPS with standard IPS configuration. I have also enabled some signatures related to IIS n DDOS. The website is constantly under DDOS attack from various IP addresses, each single IP address with different source ports is opening more than 20 session at a time to the web server n consuming the server resources and bandwidth, the IPS is not able to detect this. I have also enabled netflow on ASA for this server and the netflow report showing normal with different source IP addresses and ports. The webserver is constantly under attack even when it is present with other DSP/ISP.
Is there option I need to configure in IPS or ASA to stop this. The IPS signature is latest updated.