Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

SanYang's avatar
SanYang
Icon for Cirrostratus rankCirrostratus
Oct 15, 2023

Heavy URL Protection

Hello, Recently practiced heavy duty URL protection in a lab environment... How can I use DVWA or an auction to demonstrate successful use of this feature? How can I demonstrate this in a lab envi...
application delivery
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Oct 16, 2023

Hi SanYang,

what would you expect to see as a succesful demonstration of Heavy URL protection working?

The idea is, that you use BaDOS - which is L7 DDoS protection based on Machine Learning.
And a heavy URL would a URL which the ML should consider specially, because a request to this URL would cause a high load on the pool member(s) and an attacker could consume all resources on the backend system with just a few requests. See this URL: https://clouddocs.f5.com/training/community/ddos/html/class7/bados/module2.html 

You would need a web application that has a similar URL, for example SELECT * FROM a large database.
Then you try a low and slow attack on this URL and see how BaDOS recognizes and mitigates such attack.

KR
Daniel