Forum Discussion
Inquiries about Advanced WAF DoS Protection
As you're referring to Advanced WAF, it's important to note that it only addresses Layer 7 (L7) DDoS attacks, where 1 HTTP request is considered as 1 transaction.
Attacks such as SYN floods or Smurf (ICMP) attacks are not handled by Advanced WAF, as they occur at lower layers. For these types of attacks, you should consider using LTM (for basic TCP protection) or AFM (for full Layer 3/4 DoS protection).
In such cases, each SYN or ICMP packet is counted as 1 transaction.
Mitigation is automatically lifted once the TPS rate drops below the configured threshold.
Regarding X-Forwarded-For (XFF) headers, ASM uses the first IP address in the list
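
A simplified model of the behaviour described in the reply above, added here as an example; it is not F5's implementation and not code from the thread. It counts requests per second per source, takes the source from the first X-Forwarded-For entry, and treats mitigation as active while TPS is at or above the threshold. The function names, addresses and threshold value are constructed assumptions.

```python
from collections import Counter

def client_key(xff_header, peer_ip, use_xff=True):
    """Source identity: first X-Forwarded-For entry, else the TCP peer address."""
    if use_xff and xff_header:
        first = xff_header.split(",")[0].strip()
        if first:
            return first
    return peer_ip

def mitigation_timeline(requests, threshold_tps, use_xff=True):
    """requests: iterable of (epoch_second, peer_ip, xff_header_or_None).

    Returns {source: [(second, tps, mitigating), ...]} covering every second
    in the observed range. 1 HTTP request counts as 1 transaction; mitigating
    is True while tps >= threshold_tps and False once tps drops below it
    (assumed comparison, modelled on the reply's wording).
    """
    counts, seconds = Counter(), set()
    for sec, peer, xff in requests:
        counts[(client_key(xff, peer, use_xff), sec)] += 1
        seconds.add(sec)
    if not seconds:
        return {}
    span = range(min(seconds), max(seconds) + 1)
    sources = sorted({src for src, _ in counts})
    return {
        src: [(s, counts[(src, s)], counts[(src, s)] >= threshold_tps) for s in span]
        for src in sources
    }

# Constructed sample: two clients reach the virtual server through one proxy.
PROXY = "192.0.2.10"
SAMPLE = []
for sec, n in [(0, 5), (1, 6), (2, 1)]:          # noisy client, then it calms down
    SAMPLE += [(sec, PROXY, "203.0.113.7, 198.51.100.1")] * n
for sec in range(3):                              # quiet client, 1 request/second
    SAMPLE.append((sec, PROXY, "203.0.113.9"))

if __name__ == "__main__":
    for label, flag in (("first XFF entry", True), ("TCP peer only", False)):
        print(label)
        for src, rows in mitigation_timeline(SAMPLE, 5, use_xff=flag).items():
            print(" ", src, rows)
```

Keyed on the TCP peer alone, both clients collapse into the proxy's address and the quiet client is mitigated together with the noisy one; keyed on the first X-Forwarded-For entry, only the noisy client crosses the threshold.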