Forum Discussion

Cirrus

Oct 16, 2023

Heavy URL Protection

Hello, Recently practiced heavy duty URL protection in a lab environment... How can I use DVWA or an auction to demonstrate successful use of this feature? How can I demonstrate this in a lab envi...

application delivery

Daniel_Wolf

MVP

Oct 16, 2023

Hi SanYang,

what would you expect to see as a succesful demonstration of Heavy URL protection working?

The idea is, that you use BaDOS - which is L7 DDoS protection based on Machine Learning.
And a heavy URL would a URL which the ML should consider specially, because a request to this URL would cause a high load on the pool member(s) and an attacker could consume all resources on the backend system with just a few requests. See this URL: https://clouddocs.f5.com/training/community/ddos/html/class7/bados/module2.html

You would need a web application that has a similar URL, for example SELECT * FROM a large database.
Then you try a low and slow attack on this URL and see how BaDOS recognizes and mitigates such attack.

KR
Daniel

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Heavy URL Protection

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Managing NGINX App Protect WAF for Beginners

Cookie-based DDoS protection

Protecting gRPC based APIs with NGINX App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS