Forum Discussion

Nimbostratus

Nov 29, 2010

Mitigating Slow HTTP Post DDoS Attacks With iRules

I have tried to implement the "slow http post ddos.." iRule, but I got some errors. http://devcentral.f5.com/Tutorials/...Rules.aspx when HTTP_REQUEST { if { [HTTP::method] equal...

Nimbostratus

Dec 03, 2010

Is this config appropriate for handling slow post dilemma?

when RULE_INIT {

set static::timeout 20

}

when HTTP_REQUEST {

if { [HTTP::method] equals "POST"} {

if {[HTTP::header Content-Length] > 1}{

set collect_length [HTTP::header Content-Length]

set timeout $static::timeout } }

if {[info exists collect_length]}{

set id [after $timeout {

HTTP::respond 500 content "Your POST is to slow"

TCP::close

}]

HTTP::collect $collect_length

}

when HTTP_REQUEST_DATA {

if {[info exists id]} {

after cancel $id

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Mitigating Slow HTTP Post DDoS Attacks With iRules

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

iRule to assist with CVE-2022-22965 mitigation

CitrixBleed Mitigation CVE-2023-4966

Mitigate TokenChpoken attack on PeopleSoft

LineRate: Range header attack mitigation

OWASP Mitigation Strategies Part 2: XSS Attacks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS