Manual Chapter: Dynamic Attack Mitigation


The BIG-IP data center firewall can provide dynamic attack mitigation through the use of iRules. You can find detailed examples on the F5 Networks DevCentral web site, located at

Server resource cloaking

Server resource cloaking is one way to hide server-specific information from snooping clients. For example, you can write an iRule such as the following to clean web server signatures. This prevents unwanted information from being transmitted to hackers attempting to fingerprint the application and servers that run on a web site.

    when HTTP_RESPONSE {
        #
        # Remove all but the given headers.
        #
        HTTP::header sanitize "ETag" "Content-Type" "Connection"
    }

Protection from Apache Killer attacks

You can create iRules to prevent various DDoS attacks from succeeding on the network.

The following shows an example of an iRule that guards against an Apache Killer attack.

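    when HTTP_REQUEST {
        # Match a Range header whose value contains 40 or more commas.
        if { [HTTP::header exists "Range"] and ([HTTP::header "Range"] matches_regex {(,.*?){40,}}) } {
            # Log the client address, the host, and the number of ranges requested.
            log local0. "## Range attack CVE-2011-3192 detected from [IP::client_addr] on Host [HTTP::host]. [llength [split [HTTP::header "Range"] ","]] ranges requested."
            # Remove the Range header before the request reaches the server.
            HTTP::header remove Range
            return
        }
    }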
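The decision this iRule makes can be checked offline against sample requests before the rule is deployed. The following Python harness is an added example, not F5 code or part of the original manual; the client address, host name and Range values are constructed, and a comma count stands in for the iRule's regular expression.

```python
THRESHOLD = 40  # taken from the iRule pattern {(,.*?){40,}}

def is_range_flood(value):
    """True when the iRule's matches_regex test would succeed.

    The unanchored pattern matches exactly when the value holds 40 or more
    commas (41 or more range specs), so the commas are counted directly,
    which keeps the check linear-time.
    """
    return value.count(",") >= THRESHOLD

def count_ranges(value):
    """Number of comma-separated range specs, as reported in the log line."""
    return len(value.split(","))

def mitigate(headers, client_addr="192.0.2.10"):
    """Mirror the iRule: return (headers to forward, log line or None).

    client_addr is a constructed documentation address standing in for
    [IP::client_addr].
    """
    # Header names are case-insensitive, so find "Range" in any casing.
    name = next((h for h in headers if h.lower() == "range"), None)
    if name is None or not is_range_flood(headers[name]):
        return dict(headers), None
    log = ("## Range attack CVE-2011-3192 detected from %s on Host %s. "
           "%d ranges requested." % (client_addr, headers.get("Host", ""),
                                     count_ranges(headers[name])))
    # Equivalent of "HTTP::header remove Range": forward without the header.
    return {h: v for h, v in headers.items() if h != name}, log

def make_range(n):
    """Constructed sample: a Range value with n byte-range specs."""
    return "bytes=" + ",".join("0-%d" % i for i in range(n))

# Constructed requests on both sides of the threshold.
SAMPLES = {
    "single": {"Host": "www.example.com", "Range": "bytes=0-499"},
    "multipart": {"Host": "www.example.com", "Range": make_range(5)},
    "boundary_40": {"Host": "www.example.com", "Range": make_range(40)},
    "flood_41": {"Host": "www.example.com", "range": make_range(41)},
    "no_range": {"Host": "www.example.com"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        forwarded, log = mitigate(hdrs)
        print(label, "->", "Range stripped" if log else "passed", log or "")
```

Because the pattern counts commas, a request with exactly 40 ranges still passes with its Range header intact; the header is stripped from 41 ranges upward.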