ASM Prevention for Slow HTTP Attacks

Question

Hi Team,
        I have been reading the article https://support.f5.com/kb/en-us/solutions/public/14000/100/sol14199 after starting to notice these logs files on my F5. Now from the article these are slow HTTP connections being dropped but what I really want to know is:&nbsp;
What is the threshold for these slow transactions dropping ?And can I find out any information on these dropped transactions ? If these are slow attacks, source IP and destination IP would be handy.
It all seems a bit "under the covers" in regards to what is happening here and I would love to find more information&nbsp;
err dcc[13309]: 01310001:3: event code D3554 Slow transactions attack detected - account id: (9), number of dropped slow transactions: (128)&nbsp;
err dcc[13309]: 01310001:3: event code D3554 Slow transactions attack detected - account id: (9), number of dropped slow transactions: (2428)  &nbsp;

nathe · Answer

It's an Internal Parameter. Check out:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-2-0/asm_apx_internal_params.html&nbsp;
The parameters of interest are Max_slow_transactions and slow_transactions_timeout.&nbsp;
N&nbsp;

Forum Discussion

ASM Prevention for Slow HTTP Attacks

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

Prevent some SQL attacks

November Security Research Update: Newly Released Attack Signatures

Operationlizing Online Fraud Detection, Prevention, and Response

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS