Forum Discussion

buzzkiller's avatar
buzzkiller
Icon for Altostratus rankAltostratus
Feb 01, 2024

Trigger iRule for DoS event

 

I would like to activate an iRule for a DoS event, but I can't seem to figure out how.

In the DoS profile, the only option available is a checkbox labeled "Enable."

I've checked the documentation, and it simply mentions the "Trigger iRule" setting without providing clear instructions on configuring an iRule for DoS events (referencing section 5.2 at https://techdocs.f5.com/en-us/bigiq-7-0-0/big-iq-manage-layer-7-security-objects/modifying-a-dos-profile-to-improve-object-protection.html).

How can I set up an iRule specifically for managing DoS events? I couldn't find more information on this, and I'm wondering if I'm overlooking something.

Appreciate your help!

3 Replies

  • Hello,

    First of all, thank you for your answer. 

    I just want to be sure that I clearly understood how this works. 

    You have a virtual server that has assigned an iRule and a DoS policy. In the iRule you have implement logic for "when IN_DOSL7_ATTACK {}" that is triggered by the DoS policy when an attack is detected. 

    Thank you!

    • Yes as described. 

      I'd recommend creating a test VS and AWAF DOS profile by putting small thresholds values , and attach your irule and DOS profile to that Test VS as well. 

      Try to trigger a simple dos attack and see if it took an effect due to irule of not when this event is triggered. 

      also you can rely on using Log action in your irule to see everything in your /var/log/ltm >> this will valid your are on the right way.