Manual Chapter : About custom DoS/DDoS attack signatures

Applies To:

Show Versions Show Versions


  • 15.0.1, 15.0.0
Manual Chapter

About custom DoS/DDoS attack signatures

BIG-IP AFM allows you to create custom Network and DNS type DoS attack signatures when the default attack signatures do not match a new or unique type of DoS traffic. Familiarize yourself with the following options prior to creating a new DoS signature.
The HTTP and TLS attack signatures are available for use when the Application Security Manager (ASM) module is provisioned.
Signature option
A unique name identifying the signature object.
Tags are used to classify signatures. You can use tags to filter signature lists. For example, use a tag like Flood to group all flood attack signatures.
Describe the purpose of the signature.
A alternate name for the signature.
Select the check box to indicate that the signature has been reviewed and approved.
Indicates that the signature can be used by other protected objects (virtual servers) and protection profiles. All shareable signatures are accepted on any profile for which signatures are enabled.
Predicates List
One or more match expressions, joined by logical operators, which the system uses to match traffic that is causing a DoS attack. You can edit the predicates (and all properties) of persistent signatures, and view the predicates of dynamic signatures. To add predicates when creating a persistent signature, click Add, select a predicate, specify the match expression, and the value.