Forum Discussion

Nimbostratus

Oct 06, 2016

iRule for DNS Flood protection

Hi Team, We have implemented new F5 AFM/ASM DDOS boxes. We need to create iRule to protect DNS flood from some range of IP but we need to whitelistdnsdomain. when DNS_REQUEST {set fqdn [DNS::que...

AFM

iRules

security

Migara_61430
Oct 06, 2016
You can apply a similar logic

https://devcentral.f5.com/codeshare/http-request-throttle-version-101-and-above

Migara_61430

Historic F5 Account

Oct 06, 2016

This logic will drop all the DNS queries belongs to a FQDN, unless that FQDN is in your whitelist. If that's what you want to do, yes, this will work.

If you want some sort of rate limiting then you will have to implement a logic with a counter and drop packets based on requests per second.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule for DNS Flood protection

Recent Discussions

Upgrade F5 BIGIP

MAC address of deleted VS IP address still responsive

ports are showing open on online scanning tool

how to whitelist new source IP on F5 web UI access

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

Related Content

Limiting HTTP/HTTPS GET and POST Flood Attacks using an iRule

aWAF DOS Protection Licensing

GTM License: iRule for DNS Flood protection

How to protect Contact Form from spam?

iRULE regsub error

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS