Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products


Hello, My name is Muntae Kim.

How to allow ‘PURGE’ and ‘PURGE_URL’ Method in F5 DDoS product

BIG-IP version:
- DDoS Hybrid Defender 16.1.0-9.0.20

When the server in the section passing through the F5 DDoS product executes the following curl command, a connection cannot be established due to a connection reset message.

[root@uxe1253 ~]# curl -X PURGE
curl: (56) Recv failure: Connection reset by peer

I need to allow methods for 'PURGE' and 'PURGE_URL' in F5. Can you tell me how to set this?

Thank you.



Community Manager
Community Manager

@Heath_Parrott - can you please help answer this question, or tag someone who can?

F5 Employee
F5 Employee

Normally if a connection is blocked by an F5 security product and HTTP is involved a 200 OK with an error code via the body is presented and a connection is not simply dropped so I would recommend a packet capture to validate where the TCP connection is dropped. 

PURGE and PURGE_URL are non standard HTTP methods and are not listed in any RFC.  If the TCP connection being dropped by BIG-IP there is a virtual server processing the traffic that has an HTTP security profile applied to it and the methods in question are not on the allowed list via a custom method.  

I took a quick look at an HTTP protocol security profile in AFM which shows that PURGE and PURGE_URL are not in our standard list of methods.  To allow them one needs to explicitly create them via Security --> Security Profiles --> HTTP.  The exact details of the configuration will vary based on how the system is setup and the documentation on the product.  I recommend a case be opened to further investigate the config setting you need since DDoS hybrid defender also has wizards that may obfuscate the setting or require other settings be touched. 

hello. Thank you for your reply.

I previously confirmed that Allow for PURGE_URL is possible when creating iRules as follows. Please review whether the requested item cannot be implemented with the iRules.

(In addition, url_destroy was a syntax that did not work in that version.)


  1. Edit the iRule:

In the "Definition" section, add the following iRule script:


if {[HTTP::method] equals "PURGE" || [HTTP::method] equals "PURGE_URL"} {

set allow_purge_method 1




if { [info exists allow_purge_method] } {

unset allow_purge_method

set respond_purge_method 1



when RULE_INIT {

set respond_purge_method 0

set allow_purge_method 0



if { [info exists allow_purge_method] } {

unset allow_purge_method