Forum Discussion
Config NGINX to F5
Hi everyone,
I have VS.
NGINX require script to implement at F5 profile but i dont know where I must config at F5 configuration.
Here the NGINX requirement :
client_max_body_size 5000M;
client_body_buffer_size 5000M;
client_body_timeout 4024;
client_header_timeout 3024;
Where I must config that NGINX requirement to the VS in F5 ??? Using profile or irules ?? How to set up ?
Thanks
Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.
client_max_body_size (awaf setting – file uploads max size)
client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)
client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.
These are our default profile timeouts. https://support.f5.com/csp/article/K7606 The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.
Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578
- suyeshNimbostratus
Hi Team,
I have NGINX with the configuration setting server_names_hash_bucket_size 128, this setting needs to be implemented in F5 WAF.
let me know how I can achieve this in f5.
- buulamAdmin
Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.
client_max_body_size (awaf setting – file uploads max size)
client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)
client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.
These are our default profile timeouts. https://support.f5.com/csp/article/K7606 The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.
Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578
- Leslie_HubertusRet. Employee
Hi Satriaji - I think that your post might not have gotten an answer because of the holiday lull in traffic. I've asked one of my teammates to take a look and see if they can help you out, and will also feature this in this week's Highlights article to get more eyes on it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com