For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SanYang's avatar
SanYang
Icon for Cirrostratus rankCirrostratus
Oct 16, 2023

Heavy URL Protection

Hello, Recently practiced heavy duty URL protection in a lab environment... How can I use DVWA or an auction to demonstrate successful use of this feature? How can I demonstrate this in a lab envi...
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Oct 16, 2023

Hi SanYang,

what would you expect to see as a succesful demonstration of Heavy URL protection working?

The idea is, that you use BaDOS - which is L7 DDoS protection based on Machine Learning.
And a heavy URL would a URL which the ML should consider specially, because a request to this URL would cause a high load on the pool member(s) and an attacker could consume all resources on the backend system with just a few requests. See this URL: https://clouddocs.f5.com/training/community/ddos/html/class7/bados/module2.html 

You would need a web application that has a similar URL, for example SELECT * FROM a large database.
Then you try a low and slow attack on this URL and see how BaDOS recognizes and mitigates such attack.

KR
Daniel