Forum Discussion

Altostratus

Nov 25, 2012

SSL_renegotiation_DOS_mitigation

Hi, I've been looking at this https://devcentral.f5.com/wiki/iRules.Print.aspx?Page=iRules.SSL_renegotiation_DOS_mitigation I am confused by the iRule, where and when is hs_count ini...

Cirrostratus

Nov 26, 2012

Nice catch. I updated the Codeshare example to set hs_count to 0 in CLIENT_ACCEPTED.

J, the reason you'd want to use this iRule is if you needed to support renegotiation (secure or insecure) but want to limit how many times a client can attempt to renegotiate the session ID to mitigate a DoS attack.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)