Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

buzzkiller's avatar
buzzkiller
Icon for Altocumulus rankAltocumulus
Feb 01, 2024

Trigger iRule for DoS event

  I would like to activate an iRule for a DoS event, but I can't seem to figure out how. In the DoS profile, the only option available is a checkbox labeled "Enable." I've checked the document...
security
buzzkiller's avatar
buzzkiller
Icon for Altocumulus rankAltocumulus
Feb 01, 2024

Hello,

First of all, thank you for your answer. 

I just want to be sure that I clearly understood how this works. 

You have a virtual server that has assigned an iRule and a DoS policy. In the iRule you have implement logic for "when IN_DOSL7_ATTACK {}" that is triggered by the DoS policy when an attack is detected. 

Thank you!

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Feb 02, 2024

    Yes as described. 

    I'd recommend creating a test VS and AWAF DOS profile by putting small thresholds values , and attach your irule and DOS profile to that Test VS as well. 

    Try to trigger a simple dos attack and see if it took an effect due to irule of not when this event is triggered. 

    also you can rely on using Log action in your irule to see everything in your /var/log/ltm >> this will valid your are on the right way.