Forum Discussion

Nimbostratus

Sep 09, 2011

I need opinions on how to handle rejects

I have written an irule to reject certain URI requests. As of now, the user would receive a simple 404 error, HTTP::respond 404. However, I don't want a poential hacker aware that something exists ...

Historic F5 Account

Sep 09, 2011

Hi mraful,

This is a great place to use a honeypot. If you know the approximate rate of requests a normal user would make to a virtual, you can set an upper bound of 10x the normal usage. If that user exceeds that threshold, then throw that user into a separate pool that goes nowhere. The table command (http://devcentral.f5.com/wiki/iRules.table.ashx) is great for counting things and expiring those counters after a certain period of time. Hope this helps,

George

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

I need opinions on how to handle rejects

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

AI Security : Prompt Injection and Insecure Output Handling.

Intermediate iRules: Handling Strings

Intermediate iRules: Handling Lists

Wanted: NetOps with Opinions

Handling HTTP Requests on an HTTPS Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS