Exclude uri from slowloris mitigation

Question

how can i enable slowloris mitigation with iRule and exclude specific uri from it ?!ii

samstep · Answer

If you have ASM module enabled then you don't need an iRule as slowloris is already mitigated. LTM with an HTTP Profile configured on the virtual server will also effectively protect your backend servers (pool members) from Slowloris.

You can enhance the protection further by using a Slowloris iRule which will drop the clientside TCP connection if HTTP request is not received within a specific time slot after the connection is established (e.g. 1 second/1000 milliseconds) - this iRule can be found at the bottom of the KnowledgeBase article K10260:

https://support.f5.com/csp/article/K10260

For Slow POST attacks/specific URI - check out this KB Article

https://support.f5.com/csp/article/K42552578

Hope this helps,

Regards,

Sam

Forum Discussion

Exclude uri from slowloris mitigation

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Related Content

CitrixBleed Mitigation CVE-2023-4966

F5 Distributed Cloud L3-L7 DDoS Mitigation

Mitigating OWASP API Security risks using BIG-IP

Maintainers, Slowloris/2, Kobold Letters - April 1st - 7th, 2024 - F5 SIRT - This Week in Security

Mitigating OWASP API Security Top 10 risks using F5 NGINX App Protect