F5 Distributed Cloud L7 DoS Attack Mitigation Roundup

Ensuring availability for applications that are Layer7 connected and delivered with F5 Distributed Cloud Regional Edges (RE), DoS attack mitigation provides service resiliency. Attacks are mitigated at the F5 regional edge and global backbone before reaching bandwidth limited network segments and vulnerable services downstream.

New capabilities have been added to L7 DoS protection in Distributed Cloud:

• Requests per second thresholds
  • Requests Per Second (RPS) threshold is now configurable for L7 DDoS Detection. L7 DDoS Protection and Mitigation will engage when the defined RPS threshold is exceeded, and origin health degradation is detected.

• Alternate mitigation with JS or CAPTCHA Challenge
  • You can now configure JS or CAPTCHA challenges as an L7 DDoS mitigation action, which is applied to all users when a Layer 7 DDoS attack is detected, providing an additional layer of security against such threats.

When combined, DoS attack mitigation (RPS) tuning can trigger events sooner, and the custom mitigation action enables flexible protection settings. Either immediately block connectivity to the service or prompt clients with challenge, making using DoS protection adaptable for apps and services that have differing volumes of traffic and types of users.

Under an attack? Distributed Cloud also supports custom service policies that apply only when being attacked. This makes it possible to configure exception-tier services by allowing apps to continue to be available to select groups of users and customers, while broadly mitigating unidentified users and traffic.

The following video provides an example showing how custom service policies in Distributed Cloud can be used to provide different tiers of service while under a DoS attack.

L7 DoS Settings & Streamlined Observability

In addition to DoS attack mitigation capabilities, enhancements to the Distributed Cloud load balancer security dashboards make it easy to spot detected DoS attacks, their origin, and see auto-mitigations that have occurred.

The following video provides an overview of recent security dashboard enhancements focusing on L7 DoS mitigation.

An Interactive Product Experience

The following interactive product experience provides an L3/L4 Volumetric (Routed) DDoS overview as well as a separate L7 DoS walkthrough. This shows more details for configuring L7 DoS in Distributed Cloud as well as where to go to observe mitigations, attack events, and security alerts.

https://f5.navattic.com/mra0ud8

Additional Resources

• Easily Protect Your Applications from DDoS with F5 Distributed Cloud DDoS Auto-Mitigation
• Video: F5 Distributed Cloud (F5 XC) DoS Protection – Basic features
• F5 Distributed Cloud L3-L7 DDoS Mitigation – Basic setup and configuration