Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

Detect and block HTTP/S related attacks using WAF


Hi All

How can I use Big IP F5 to detect and block bulk HTTP requests to my website, which specific module and rule can be leveraged from Big IP WAF?
Also, how can the Big IP WAF be leveraged to block slow loris attacks? is there any out-of-the-box rule that we can leverage and customize?

Thanks & Regards




So, first I would take a look at this good writeup available on DevCentral:

Also, take a look here and search for "Web Applications". It will tell you how to setup DDoS protection for HTTP and HTTPS:

Hi @sim2022 , 

Do you mean DoS attacks ? 

Mohamed Kansoh

For DOS attacks you better use DOS and BOT protection profiles as most DOS attacks come from Bots, so the Bot profile will block the Bots and the DOS profile will stop the DOS attack if the Bot profile did not manage to handle the Bot detections or the DOS attack commes from human farms that do DOS attacks. Better use the DOS profile with latency detection as it generates less false positives.


For slow loris just use HTTP profile on the VIP as F5 has native protection for such attacks


For blocking attackers that use scanners and generate many web attacks review the session tracking option in the AWAF that can block user ip addresses or device ID if they generate too many violations:


I suggest to read the F5 AWAF operations to be able to effectively utilize the F5 WAF options:


Community Manager
Community Manager

If your issue was resolved please choose Accept As Solution on one (or more) replies.

This helps other members find answers more quickly and confirms the efforts of those who helped.
Thanks for being part of our community.