Forum Discussion

Satriaji's avatar
Satriaji
Icon for Cirrus rankCirrus
Dec 29, 2022
Solved

Config NGINX to F5

Hi everyone,

I have VS.

NGINX require script to implement at F5 profile but i dont know where I must config at F5 configuration.

Here the NGINX requirement :

client_max_body_size 5000M;

client_body_buffer_size 5000M;

client_body_timeout 4024;

client_header_timeout 3024;

 

Where I must config that NGINX requirement to the VS in F5 ??? Using profile or irules ?? How to set up ? 

 

Thanks

 

 

 

application delivery
cloud
devops
NGINX
profile
security
  • buulam's avatar
    buulam
    Jan 11, 2023

    Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.

    client_max_body_size  (awaf setting – file uploads max size)

    client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)

    client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.

    These are our default profile timeouts. https://support.f5.com/csp/article/K7606  The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.

    Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578

4 Replies

Sort By
    • buulam's avatar
      buulam
      Icon for Admin rankAdmin
      Jan 11, 2023

      Hi Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.

      client_max_body_size  (awaf setting – file uploads max size)

      client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)

      client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.

      These are our default profile timeouts. https://support.f5.com/csp/article/K7606  The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.

      Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578

  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Ret. Employee
    Jan 05, 2023

    Hi Satriaji - I think  that your post might not have gotten an answer because of the holiday lull in traffic. I've asked one of my teammates to take a look and see if they can help you out, and will also feature this in this week's Highlights article to get more eyes on it. 

  • suyesh's avatar
    suyesh
    Icon for Nimbostratus rankNimbostratus
    Feb 23, 2024

    Hi Team,

    I have NGINX with the configuration setting server_names_hash_bucket_size 128, this setting needs to be implemented in F5 WAF.

    let me know how I can achieve this in f5.