For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Satriaji's avatar
Satriaji
Icon for Cirrus rankCirrus
Dec 29, 2022
Solved

Config NGINX to F5

Hi everyone,

I have VS.

NGINX require script to implement at F5 profile but i dont know where I must config at F5 configuration.

Here the NGINX requirement :

client_max_body_size 5000M;

client_body_buffer_size 5000M;

client_body_timeout 4024;

client_header_timeout 3024;

 

Where I must config that NGINX requirement to the VS in F5 ??? Using profile or irules ?? How to set up ? 

 

Thanks

 

 

 

application delivery
cloud
devops
NGINX
profile
security
  • buulam's avatar
    buulam
    Jan 11, 2023

    Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.

    client_max_body_size  (awaf setting – file uploads max size)

    client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)

    client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.

    These are our default profile timeouts. https://support.f5.com/csp/article/K7606  The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.

    Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578

4 Replies

  • suyesh's avatar
    suyesh
    Icon for Nimbostratus rankNimbostratus
    Feb 23, 2024

    Hi Team,

    I have NGINX with the configuration setting server_names_hash_bucket_size 128, this setting needs to be implemented in F5 WAF.

    let me know how I can achieve this in f5.

    • buulam's avatar
      buulam
      Icon for Admin rankAdmin
      Jan 11, 2023

      Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.

      client_max_body_size  (awaf setting – file uploads max size)

      client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)

      client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.

      These are our default profile timeouts. https://support.f5.com/csp/article/K7606  The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.

      Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578

  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Ret. Employee
    Jan 05, 2023

    Hi Satriaji - I think  that your post might not have gotten an answer because of the holiday lull in traffic. I've asked one of my teammates to take a look and see if they can help you out, and will also feature this in this week's Highlights article to get more eyes on it.