Forum Discussion
1qaz
Nimbostratus
Nimbostratussecurity vulnerability in security scanning: slow HTTP attacks
Hi, My company's F5 device has a security vulnerability in security scanning: slow HTTP attacks,I found that there is an irules on the askf5 website for Mitigating Slowloris DoS attacks(https://suppo...
Dario_Garrido
Noctilucent
NoctilucentHello 1qaz.
I've not tested your iRule in my environment, but if you analyze the code, you will see that your logic approach is equivalent to the F5 proposal, so legitimate users over very slow links will have the same problem as with the other iRule.
This is the F5 iRule explained.
when CLIENT_ACCEPTED {
# Set variable 'rtimer' to zero
set rtimer 0
# Run this next code after 1 second
after 1000 {
# if the connection is still zero (HTTP_REQUEST event didn't occur), drop the connection
if { not $rtimer} {
drop
}
}
}
when HTTP_REQUEST {
# This query is legitime, so change 'rtimer' to one
set rtimer 1
}
