F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP AFM: DoS/DDoS Protection Implementations
  3. About custom DoS/DDoS attack signatures
Manual Chapter : About custom DoS/DDoS attack signatures

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

About custom DoS/DDoS attack signatures

About custom DoS/DDoS attack signatures

BIG-IP AFM allows you to create custom Network and DNS type DoS attack signatures when the default attack signatures do not match a new or unique type of DoS traffic. Familiarize yourself with the following options prior to creating a new DoS signature.
The HTTP and TLS attack signatures are available for use when the Application Security Manager (ASM) module is provisioned.
Signature option
Description
Name
A unique name identifying the signature object.
Tags
Tags are used to classify signatures. You can use tags to filter signature lists. For example, use a tag like Flood to group all flood attack signatures.
Description
Describe the purpose of the signature.
Alias
A alternate name for the signature.
Approved
Select the check box to indicate that the signature has been reviewed and approved.
Shareable
Indicates that the signature can be used by other protected objects (virtual servers) and protection profiles. All shareable signatures are accepted on any profile for which signatures are enabled.
Predicates List
One or more match expressions, joined by logical operators, which the system uses to match traffic that is causing a DoS attack. You can edit the predicates (and all properties) of persistent signatures, and view the predicates of dynamic signatures. To add predicates when creating a persistent signature, click Add, select a predicate, specify the match expression, and the value.

Create a custom DoS attack signature

You can create custom Network or DNS DoS attack types for traffic patterns not matching one of the default attack signatures.
  1. On the Main tab, click
    Security
    DoS Protection
    Signatures
    .
  2. Click
    Add Signature
     within the
    Persistent
     area.
    The Properties pane opens on the right.
  3. Select either Network or DNS from the family list.
  4. Enter a unique
    Signature Name
     for the attack signature.
  5. Click the
    Tags
    icon to define one or more optional search tags.
    Be sure to press
    Enter
     after each tag and click
    Done
     to associate all of the tags with the signature.
  6. Enter an optional
    Description
     and
    Alias
    .
  7. Click
    Add
    in the Predicates List area.
  8. Scroll through the Predicates List and select a predicate.
  9. Select the predicate match expression and value.
  10. Repeat steps 7 through 9 to add additional predicates.
  11. Click
    Create
    .
The new attack signature can now be viewed and modified when you click the Persistent area.
Use the new attack signature when creating or modifying a new protection profile or when enabling device protection.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information