Forum Discussion
NimbostratusBest practice value to have
Hi Folks!
We want to enforce session timeout and acceptable intensity rate in our WAF for couple of applications. Kindly let us know what are the best practice value which needs to be set for "Session timeout" & "Acceptable intensity rate". The application in question are Banking Applications.
Kindly let me know what are your thoughts on this.
Cheers, Rao
6 Replies
Hannes_Rapp_162Nacreous
"Session idle timeout" - 15 mins is common for internet banking front-ends.
"Acceptable intensity rate" - I'm not sure what it is. Are you talking about ASM/L7 DOS protection profile configuration? Where did you find this 'acceptable intensity rate' setting?
raghav_rao_2526Hi Hannes, Yes, the intensity rate is for L7-DOS. I'm new to F5, I remember having this setting in Barracuda, hence I thought it will in F5 as well but with a different name. Cheers, Rao- Hannes_Rapp_162In F5 there are L7 DOS protection thresholds. I'd recommend working with the defaults at start. You can set the profile to Transparent operation mode initially so that you can evaluate if you need to fine-tune the settings at all. I do not know your environment but most likely, anything below 300% is going to be too low, anything above 600% too high.
Hannes_Rapp"Session idle timeout" - 15 mins is common for internet banking front-ends.
"Acceptable intensity rate" - I'm not sure what it is. Are you talking about ASM/L7 DOS protection profile configuration? Where did you find this 'acceptable intensity rate' setting?
- raghav_rao_2526Hi Hannes, Yes, the intensity rate is for L7-DOS. I'm new to F5, I remember having this setting in Barracuda, hence I thought it will in F5 as well but with a different name. Cheers, Rao
- Hannes_RappIn F5 there are L7 DOS protection thresholds. I'd recommend working with the defaults at start. You can set the profile to Transparent operation mode initially so that you can evaluate if you need to fine-tune the settings at all. I do not know your environment but most likely, anything below 300% is going to be too low, anything above 600% too high.
