Forum Discussion

Nimbostratus

Mar 10, 2015

ASM DOS Protection heavy URLs

Hi, I wanted to have a simple/praticable explantation of the new option of the DoS profile : heavy URLs. I read the official documentation and some articles and Q/A in devcentral but I just...

ASM Advanced WAF

security

Pedro_Haoa

Ret. Employee

Mar 11, 2015

Hi,

Heavy URL protection specifies, when enabled (by default), that whenever an attack is detected the system protects the heavy URLs using the URL-based methods that you enabled in the Prevention Policy area (sending a JavaScript challenge to each suspicious URLs address and waiting for a response or the system drops transactions for suspicious URLs). If no URL-based methods are enabled, the system only reports attacks.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM DOS Protection heavy URLs

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

ASM allow specific url from outside country of geolocation ON

Related Content

L7 DoS Protection with NGINX App Protect DoS

Runtime API Security: From Visibility to Enforced Protection

Embedding APM Protected Resources into Third-Party Sites

Heavy URL Protection

F5 API Security: Discovery and Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS