For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

TiborP's avatar
TiborP
Icon for Altostratus rankAltostratus
Oct 08, 2021
Solved

How to exclude URL from DoS protection?

I have DoS Protection profile configured and applied to virtual server. I want to protect application where one URL is used to something like "check" and this URL is called from client every second. ...
ASM Advanced WAF
DoS Protection
security
  • Abdessamad1's avatar
    Abdessamad1
    Oct 08, 2021

    You can do this with two options:

     

    1- using a LTM policy with two rules, one default that enable l7dos, and one specific to your URL that disables l7dos.

    2- using an iRule with DOSL7::enable and DOSL7::disable commands.

     

    But one thing to be checked/tested is if the disable/enable actions apply only to the current transaction or to the whole TCP connection.

Abdessamad1's avatar
Abdessamad1
Icon for Cirrostratus rankCirrostratus
Oct 08, 2021

You can do this with two options:

 

1- using a LTM policy with two rules, one default that enable l7dos, and one specific to your URL that disables l7dos.

2- using an iRule with DOSL7::enable and DOSL7::disable commands.

 

But one thing to be checked/tested is if the disable/enable actions apply only to the current transaction or to the whole TCP connection.

  • TiborP's avatar
    TiborP
    Icon for Altostratus rankAltostratus
    Oct 11, 2021

    Thank you Abdessamad,

    I have used LTM policy and this works fine. In statistics I have possibility to choose traffic with DoS policy applied (which is traffic without this excluded URL). I can set up thresholds in DoS policy configuration at low levels which is for traffic without excluded URL and this works too. I get alarms (events) for this new setup.