Mitigating Slow HTTP Post DDoS Attacks With iRules
This past week researchers demonstrated a new HTTP DDoS attack in which a slow POST request will result in leaving a connection open longer than necessary. The heart of the attack relies on sending a...
Published Nov 05, 2010
Version 1.0
Hi cweeklund,
Add a log statement before the TCP::close action. Something like this should work:
log local0. "Slow post detected from [IP::addr]. Connection closed."