10-Jul-2023 04:28
Hi All
How can I use Big IP F5 to detect and block bulk HTTP requests to my website? Which specific module and rule can be leveraged from Big IP WAF?
Also, how can the Big IP WAF be leveraged to block slow loris attacks? Is there any out-of-the-box rule that we can leverage and customize?
Thanks & Regards
SAM
10-Jul-2023 05:26
So, first I would take a look at this good writeup available on DevCentral:
Also, take a look here and search for "Web Applications". It will tell you how to set up DDoS protection for HTTP and HTTPS:
10-Jul-2023 05:47
Hi @sim2022,
Do you mean DoS attacks?
10-Jul-2023 21:48 - edited 10-Jul-2023 21:54
For DoS attacks you had better use DoS and Bot protection profiles, as most DoS attacks come from bots, so the Bot profile will block the bots and the DoS profile will stop the DoS attack if the Bot profile did not manage to handle the bot detections or the DoS attack comes from human farms that do DoS attacks. Better use the DoS profile with latency detection as it generates fewer false positives.
https://my.f5.com/manage/s/article/K42323285
For slow loris, just use an HTTP profile on the VIP, as F5 has native protection for such attacks: https://my.f5.com/manage/s/article/K10260
For blocking attackers that use scanners and generate many web attacks, review the session tracking option in the AWAF, which can block user IP addresses or device IDs if they generate too many violations:
https://my.f5.com/manage/s/article/K02212345
I suggest reading the F5 AWAF operations to be able to effectively utilize the F5 WAF options:
https://my.f5.com/manage/s/article/K85426947
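The session tracking idea from the reply above (block a client IP address or device ID once it generates too many violations) can be sketched as a sliding-window counter. This is an added example, not F5 code and not part of the original post; the class and function names, the thresholds and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; real thresholds are set in the WAF policy.
VIOLATION_THRESHOLD = 5      # violations allowed inside the window
WINDOW_SECONDS = 60          # sliding detection window
BLOCK_SECONDS = 600          # how long an offender stays blocked

class ViolationTracker:
    """Tracks violations per client key (IP address or device ID)."""

    def __init__(self, threshold=VIOLATION_THRESHOLD, window=WINDOW_SECONDS,
                 block_for=BLOCK_SECONDS):
        self.threshold, self.window, self.block_for = threshold, window, block_for
        self.events = defaultdict(deque)   # key -> timestamps of recent violations
        self.blocked_until = {}            # key -> time the block expires

    def is_blocked(self, key, now):
        return self.blocked_until.get(key, 0) > now

    def record_violation(self, key, now):
        """Register one violation; return True if the key is blocked afterwards."""
        if self.is_blocked(key, now):
            return True
        q = self.events[key]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop events outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked_until[key] = now + self.block_for
            q.clear()
        return self.is_blocked(key, now)

def replay(events, tracker):
    """Replay (timestamp, ip, device_id) violations; return keys that got blocked."""
    for ts, ip, device in sorted(events):
        # Track both identifiers: a scanner rotating IPs keeps the same device ID.
        tracker.record_violation(("ip", ip), ts)
        tracker.record_violation(("device", device), ts)
    return sorted(tracker.blocked_until)

# Constructed sample: one device rotating through IPs, plus one slow, occasional offender.
SAMPLE = [(t, f"198.51.100.{t // 2 % 5 + 1}", "dev-A") for t in range(0, 20, 2)]
SAMPLE += [(t, "203.0.113.9", "dev-B") for t in range(0, 400, 90)]

if __name__ == "__main__":
    print(replay(SAMPLE, ViolationTracker()))
```

In the constructed sample no single IP crosses the threshold, so only the device ID key is blocked, which is why tracking by device ID as well as IP address matters against scanners that rotate source addresses.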
14-Jul-2023 08:07
@sim2022,
If your issue was resolved, please choose Accept As Solution on one (or more) replies.
This helps other members find answers more quickly and confirms the efforts of those who helped.
Thanks for being part of our community.
Lief