Forum Discussion

Cirrus

Sep 26, 2023

How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products

Hello, My name is Muntae Kim. How to allow ‘PURGE’ and ‘PURGE_URL’ Method in F5 DDoS product BIG-IP version: - BIG-IP 16.1.3.1 - DDoS Hybrid Defender 16.1.0-9.0.20 When the server in the section...

security

Heath_Parrott

Employee

Normally if a connection is blocked by an F5 security product and HTTP is involved a 200 OK with an error code via the body is presented and a connection is not simply dropped so I would recommend a packet capture to validate where the TCP connection is dropped.

PURGE and PURGE_URL are non standard HTTP methods and are not listed in any RFC. If the TCP connection being dropped by BIG-IP there is a virtual server processing the traffic that has an HTTP security profile applied to it and the methods in question are not on the allowed list via a custom method.

I took a quick look at an HTTP protocol security profile in AFM which shows that PURGE and PURGE_URL are not in our standard list of methods. To allow them one needs to explicitly create them via Security --> Security Profiles --> HTTP. The exact details of the configuration will vary based on how the system is setup and the documentation on the product. I recommend a case be opened to further investigate the config setting you need since DDoS hybrid defender also has wizards that may obfuscate the setting or require other settings be touched.

muntae_kim

Cirrus

Oct 25, 2023

hello. Thank you for your reply.

I previously confirmed that Allow for PURGE_URL is possible when creating iRules as follows. Please review whether the requested item cannot be implemented with the iRules.

(In addition, url_destroy was a syntax that did not work in that version.)

Edit the iRule:

In the "Definition" section, add the following iRule script:

when HTTP_REQUEST {

if {[HTTP::method] equals "PURGE" || [HTTP::method] equals "PURGE_URL"} {

set allow_purge_method 1

}

when HTTP_RESPONSE {

if { [info exists allow_purge_method] } {

unset allow_purge_method

set respond_purge_method 1

}

when RULE_INIT {

set respond_purge_method 0

set allow_purge_method 0

}

when RULE_DESTROY {

if { [info exists allow_purge_method] } {

unset allow_purge_method

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

[More Question] How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products

Achieving an SSL Labs A+ score with F5 products

Product certification

Secure OWASP API Top 10 with F5 products | Start here

Deploying WAF in production using Azure Resource Manager template with F5 Nginx App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS