CirrusHello experts,
I've recently been looking into ASM.
https://my.f5.com/manage/s/article/K14199
I have a question about "slow_transaction_timeout"
Does slow_transaction_timeout mean an request to "LTM" that ends after 10 seconds? Or does it mean to the backend server?
Any help is appreciate.
it should be client side (client <-> ltm).
bigip only forwards complete requests to backend servers.
Cumulonimbusit should be client side (client <-> ltm).
bigip only forwards complete requests to backend servers.
Yes right it is
client side (client <-> ltm).
When a client issues many such requests, ASM is able to prevent a denial of service (DoS) condition by detecting a slow transactions attack.
This is defined by the slow_transaction_timeout and max_slow_transactions internal variables.
Server Receives many ππ₯π¨π° ππ«ππ§π¬ππππ’π¨π§π¬ over the time and forced to keep many Connections and Sessions in "ππ©ππ§ππ" state.
Mitigating an attack using BIG-IP ASM
BIG-IP ASM 11.0.0 and later includes protection against slow transaction attacks such as Slow POST, by default. Depending on the attack and environment, you may only need to tune the parameters controlling this protection and ensure that the mechanisms are working by checking the log files as detailed in the following procedure.
Note: Slow transactions dropped in this way receive no response from the server at all, and the connection is terminated without response. This is contrary to the iRule solution, which serves an error page to the client, and contrary to other BIG-IP ASM blocking mechanisms which serve the BIG-IP ASM blocking page in response.
Impact of procedure: If you change the values of the max_slow_transactions or slow_transaction_timeout parameters, you must restart BIG-IP ASM for the new values to take effect. For this reason, you should make these changes during a maintenance window, or you should perform the changes on a standby unit and fail over traffic after the restart has completed.
HTH
π
