29-Dec-2022 06:03
Hi everyone,
I have VS.
NGINX require script to implement at F5 profile but i dont know where I must config at F5 configuration.
Here the NGINX requirement :
client_max_body_size 5000M;
client_body_buffer_size 5000M;
client_body_timeout 4024;
client_header_timeout 3024;
Where I must config that NGINX requirement to the VS in F5 ??? Using profile or irules ?? How to set up ?
Thanks
Solved! Go to Solution.
11-Jan-2023 14:36
Hi @Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.
client_max_body_size (awaf setting – file uploads max size)
client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)
client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.
These are our default profile timeouts. https://support.f5.com/csp/article/K7606 The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.
Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578
04-Jan-2023 18:05
Hi @Satriaji - I think that your post might not have gotten an answer because of the holiday lull in traffic. I've asked one of my teammates to take a look and see if they can help you out, and will also feature this in this week's Highlights article to get more eyes on it.
10-Jan-2023 18:09
Hi @Satriaji I'll look into this for you tomorrow
11-Jan-2023 14:36
Hi @Satriaji , there are no equivalent settings within Local Traffic Manager but rather they can be found in Application Security Manager or AWAF.
client_max_body_size (awaf setting – file uploads max size)
client_body_buffer_size (awaf setting – advanced config -> System Variables -> request_buffer_size)
client_body_timeout and client_header_timeout (awaf setting - advanced config -> System Variables -> slow_transaction_timeout) Note: we can do idle timeouts with Fasthttp profiles but not standard http profiles.
These are our default profile timeouts. https://support.f5.com/csp/article/K7606 The standard http profile will make it so a (tcp) connection to the backend will not occur until it has a fully rfc compliant http request from the client so it does offer some native protection from slow http type attacks.
Good article on mitigating slow post if that’s a primary concern here. https://support.f5.com/csp/article/K42552578