Forum Discussion

Nimbostratus

Jun 19, 2009

Slowloris

Does any know how ASM would handle this recently posted Denial of Service attack: http://ha.ckers.org/slowloris/ The concept is the client hogs sockets by slowly tricklin...

app sec

BIG-IP Access Policy Manager (APM)

security

David_Holmes_9

Historic F5 Account

Aug 16, 2011

Lukas,

To defend against slowloris you only need to have an http profile attached to your virtual. This will cause BIG-IP to hold the connection until the headers are complete before sending on the servers: since Slowloris never completes the headers, the Slowloris connection will never hit the server.

We haven't seen any instances of Slowloris over SSL yet. Please let us know if you see that happening. If you do see a Slowloris/SSL attack, the defense is the same -- just make sure that your HTTPS virtual has an http profile (it probably already does).

David

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)