Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Exclude uri from slowloris mitigation

Hamid20n
Altocumulus
Altocumulus

‎30-Dec-2021 12:52

how can i enable slowloris mitigation with iRule and exclude specific uri from it ?!ii

Labels:
0 Kudos
1 REPLY 1

samstep
Cirrostratus
Cirrostratus

‎31-Dec-2021 12:30

If you have ASM module enabled then you don't need an iRule as slowloris is already mitigated. LTM with an HTTP Profile configured on the virtual server will also effectively protect your backend servers (pool members) from Slowloris.

You can enhance the protection further by using a Slowloris iRule which will drop the clientside TCP connection if HTTP request is not received within a specific time slot after the connection is established (e.g. 1 second/1000 milliseconds) - this iRule can be found at the bottom of the KnowledgeBase article K10260:

 

https://support.f5.com/csp/article/K10260

 

For Slow POST attacks/specific URI - check out this KB Article

 

https://support.f5.com/csp/article/K42552578

 

Hope this helps,

 

Regards,

Sam

 

0 Kudos
Copyright © 2023 Khoros, LLC