For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Patti_G_72768's avatar
Patti_G_72768
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

iRule syntax - need help with conditional statement

Hi all, I wanted to know if I could request some help with checking if my syntax for something is correct.   This is what I'm trying to write:   If http header keep-alive is true and http head...
application delivery
devops
iRules
Hulk_Smash_1363's avatar
Hulk_Smash_1363
Icon for Nimbostratus rankNimbostratus
Oct 24, 2013

Actually, here's what we're trying to do Kevin. We are trying to find the best approach to mitigate a HULK HTTP Denial of Service attack. It seems like this type of DoS attack has some unique characteristics that may or may not be covered by the DoS profile properties in the ASM. From what I have gathered, this particular type of attack generates unique requests by changing the user agent, the referrer, and the keep alive time. Perhaps you already know more about this. We were using a WAF from another provider that constructed the rule as follows:

 

HULK Attack CUSTOM-HULK-DOS-TOOL-v1 609634 %(WAF_CUSTOM_R609634_DENY) 403

And what we are trying to figure out is if this will require a custom irule, if there is a signature that will address this, or can this be addressed with the DoS profile parameters within a DoS profile.