Balasubramaniy2
Sep 02, 2018 Nimbostratus
DDoS config migration to F5
- stick-table type ip size 100k expire 30s store conn_rate(3s)

Allow clean known IPs to bypass the filter
- tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst }

Example Whitelist: 10.0.10.2/24,10.0.0.0/16,10.10.10.20

Shut the new connection as long as the client has already 10 opened
- tcp-request connection reject if { src_conn_rate ge 10 }
- tcp-request connection track-sc1 src
How to achieve the above setup in F5?
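
One way to express the HAProxy rules from the question as an iRule, added here as an example and not part of the original post or F5's own code. It assumes a hypothetical address-type data group named `ddos_whitelist` that holds the whitelist entries, and it counts connections per source in the session table over a 3-second window, which approximates HAProxy's `conn_rate(3s)` rather than reproducing it exactly.

```tcl
# Added example. Hypothetical names: ddos_whitelist (address data group),
# conn_rate:<ip> (session subtable prefix). Attach to the virtual server
# that fronts the protected service.
when RULE_INIT {
    set static::conn_limit  10   ;# HAProxy: src_conn_rate ge 10
    set static::conn_window 3    ;# HAProxy: conn_rate(3s)
}

when CLIENT_ACCEPTED {
    set src [IP::client_addr]

    # HAProxy: tcp-request connection accept if { src -f whitelist.lst }
    # Known-clean sources skip the rate check entirely.
    if { [class match $src equals ddos_whitelist] } {
        return
    }

    # One subtable per source IP; each key in it is one recent connection.
    set tbl "conn_rate:$src"

    # HAProxy: tcp-request connection reject if { src_conn_rate ge 10 }
    # Checked before recording, so rejected connections are not counted,
    # matching the reject-then-track order of the original rules.
    if { [table keys -subtable $tbl -count] >= $static::conn_limit } {
        reject
        return
    }

    # HAProxy: tcp-request connection track-sc1 src
    # Timeout and lifetime are both the window length, so the entry
    # disappears after 3 seconds and the key count stays a rolling total.
    set key "[TCP::client_port]:[clock clicks]"
    table set -subtable $tbl $key 1 $static::conn_window $static::conn_window
}
```

Unlike the HAProxy `stick-table ... size 100k`, the session table here has no per-rule size cap, so memory use under a flood from many distinct sources should be watched during testing.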