jkrumb_39474
Aug 03, 2011 (Nimbostratus)
SSL Renegotiation DOS iRule for BIG-IP 9.4.5 Build 1086.1 Hotfix HF2
Hello,
I am trying to implement the following iRule on a BIG-IP 9.4.5 Build 1086.1 Hotfix HF2. I know that this iRule is designed to run on V10.x LTMs.
Is there a way to rewrite the rule so that I can run it on V9.4.5 as well?
when RULE_INIT {
    # Thresholds: more than maxquery handshakes within mseconds triggers a drop.
    set static::maxquery 5
    set static::mseconds 60000
}
when CLIENT_ACCEPTED {
    # Per-connection handshake counter.
    set ssl_hs_reqs 0
}
when CLIENTSSL_HANDSHAKE {
    incr ssl_hs_reqs
    # Each handshake schedules its own decrement after mseconds, so the
    # counter decays back down once the window has passed.
    after $static::mseconds { if {$ssl_hs_reqs > 0} {incr ssl_hs_reqs -1} }
    if { $ssl_hs_reqs > $static::maxquery } {
        # Hold the connection for 5 s before dropping it (tarpit).
        after 5000
        log "Handshake attack detected, dropping [IP::client_addr]:[TCP::client_port]"
        drop
    }
}
The iRule was originally posted at http://devcentral.f5.com/weblogs/david/archive/2011/05/16/ssl-renegotiation-dos-irule-updates.aspx to prevent SSL renegotiation DOS attacks.
BIG-IP V9.4.5 currently doesn't know the Tcl command _after_, so the iRule cannot be run.
Thank you in advance for any feedback on this
Kind Regards
Joachim
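One way to express the same limit without `after`, added here as an illustration and not taken from the original post or from F5's published rule: the scheduled decrements are replaced by a fixed 60-second window timed with `clock seconds`, so the counter resets when the window expires instead of decaying one handshake at a time. It assumes `clock seconds` is available in 9.4.5 iRules (an assumption, not something the post confirms), and it avoids `static::` variables, which to my knowledge also arrived in v10, by keeping the thresholds as per-connection variables. The original 5-second tarpit cannot be reproduced without `after`, so this version drops the connection immediately.

```tcl
# Added example (not from the original post or from F5): the same handshake
# rate limit written without the Tcl "after" command. Assumes "clock seconds"
# works in 9.4.5 iRules; avoids "static::" variables (a v10 feature).
when CLIENT_ACCEPTED {
    # Per-connection thresholds, same values as the original rule.
    set max_hs   5      ;# handshakes tolerated per window
    set window   60     ;# window length in seconds (was 60000 ms)
    set hs_count 0      ;# handshakes seen in the current window
    set hs_start 0      ;# epoch second at which the current window began
}

when CLIENTSSL_HANDSHAKE {
    set now [clock seconds]

    # Open a fresh window on the first handshake, or once the old one expired.
    # This is a fixed window, not the per-handshake decay of the "after" rule,
    # so a burst straddling the boundary can get up to 2*max_hs handshakes.
    if { $hs_count == 0 || ($now - $hs_start) >= $window } {
        set hs_start $now
        set hs_count 0
    }
    incr hs_count

    if { $hs_count > $max_hs } {
        # No "after 5000" tarpit is possible here, so drop right away.
        log local0. "Handshake attack detected, dropping [IP::client_addr]:[TCP::client_port] ($hs_count handshakes in [expr {$now - $hs_start}] s)"
        drop
    }
}
```

Because the window is fixed rather than sliding, the effective limit is looser than the v10 rule by up to a factor of two at a window boundary; lowering `max_hs` or shortening `window` compensates if that matters in practice.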