DDoS protection with APM module

Hi,

I’m hoping someone can help point me in the right direction regarding an issue we’re facing.

Our main website has been experiencing increasingly frequent DDoS attacks, which currently require manual intervention to mitigate.

Typically, our site handles around 2,000 concurrent connections, but during an attack, this spikes to over 140,000 connections. As a result, our backend servers are overwhelmed and subsequently fail.

We’ve found that enabling an APM click-through page effectively prevents these attacks from reaching the backend servers. However, we currently have to enable this manually via the Virtual Server (VS) settings.

My question is:
Is it possible to write an iRule that automatically enables the APM page if the concurrent connections to the VS exceed 3,000, and then disables it once the connections drop below 3,000?

For reference, I’ve attached the basic APM policy we currently use.

Thank you in advance for any guidance you can provide!

Forum Discussion

DDoS protection with APM module

3 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Logical Disk Full to Migrate rSeries

How to Verify config before loading to F5

VIP control across data centers - how to ensure only 1 VIP is up at a time?

FQDN Node Configuration

Limit connection per VS and redirect user

Related Content

Cookie-based DDoS protection

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

Easily Protect Your Applications from DDoS with F5 Distributed Cloud DDoS Auto-Mitigation

A Guide to F5 Volumetric (Routed) DDoS Protection in F5 Distributed Cloud

F5 Silverline DDoS Protection