security vulnerability in security scanning: slow HTTP attacks
Hi, My company's F5 device has a security vulnerability in security scanning: slow HTTP attacks,I found that there is an irules on the askf5 website for Mitigating Slowloris DoS attacks(https://support.f5.com/csp/article/K10260😞
when CLIENT_ACCEPTED {
set rtimer 0
after 1000 {
if { not $rtimer} {
drop
}
}
}
when HTTP_REQUEST {
set rtimer 1
}
Note: This iRule may cause issues for legitimate users connecting over very slow links.
But I'm worried that legitimate users will have a slow connection due to network delay, which will lead to the problem of connection reset,So i wrote an irules. Can this irules effectively deal with security scanning and slow HTTP attacks?Thanks!
when CLIENT_ACCEPTED {
set id [after 1000 {
TCP::close
}]
}
when HTTP_REQUEST {
if {[info exists id]} {
after cancel $id
}
}