Manual Chapter : System Preferences

Applies To:

  • BIG-IP APM 21.1.0
  • BIG-IP Analytics 21.1.0
  • BIG-IP Link Controller 21.1.0
  • BIG-IP LTM 21.1.0
  • BIG-IP PEM 21.1.0
  • BIG-IP AFM 21.1.0
  • BIG-IP DNS 21.1.0
  • BIG-IP ASM 21.1.0

System Preferences

Following are the system settings you can configure in BIG-IP:

Records per Screen
Specifies, for all list screens, the number of records that the system displays by default. The default is 10.

Start Screen
Specifies the screen that initially displays when you open a new browser session for this system. Options are Welcome, Statistics, Performance, Traffic, Network Map, Virtual Servers, Device List, and Wide IPs. The default is Welcome.

Default System Settings
Specifies, when available, that the system expands the configuration options from Basic to Advanced. The default is Basic.

  • Basic: Presents the most common and more frequently modified settings for a feature.
  • Advanced: Presents all of the configurable settings for a feature.

Display Host Names When Possible
Specifies, when checked (enabled), that the system displays host names, rather than IP addresses, if the IP address has a host name associated with it. The default is disabled.
Note: Some pages could experience a page-load delay when configured DNS servers are not responding. This is an expected behavior as the system is attempting to resolve all IP addresses into host names, which depends on DNS server responses.

Statistics Format
Specifies the default format for data on screens that report statistics. The default is Normalized. Note that you can override the default on the individual statistics screens.

  • Normalized: Presents values rounded to the nearest whole number.
  • Unformatted: Presents actual values to all decimal places.

Screen Refresh Interval
Specifies the default rate at which the system automatically refreshes statistical data. The default is Disabled. Options are 10 seconds, 20 seconds, 30 seconds, 60 seconds, 3 minutes, and 5 minutes. Note that you can override the default on the individual statistics screens.

Clock :: Display time using a 24-hour clock
Controls display of the Time item at the top of the BIG-IP window in the menu bar. When checked (enabled), displays time in 24-hour format. When unchecked (disabled), displays time in 12-hour format, with an accompanying AM or PM to indicate whether it is before or after 12 noon.

Maximum HTTP Connections To Configuration Utility
Specifies the number of concurrent HTTP connections the browser-based Configuration utility allows. The number of connected users affects performance, and some browsers can handle only a specific number of connections before those connections exhaust browser resources and the user perceives the system as being locked up. Once the maximum number is reached, the system refuses additional connections until existing connections end. The default is 10.

Time To Cache Static Files From Configuration Utility
Specifies the number of seconds the browser caches static content in the Configuration utility. Larger values increase browser responsiveness when using the Configuration utility over slow or unreliable connections, such as a WAN. The range of acceptable values is from 1 to 2,147,483,647. The default is 120.

Redirect HTTP to HTTPS
Specifies whether the system directs HTTP requests to the equivalent HTTPS location. For example, when checked (enabled), redirects requests for http://siterequest.domain.com to https://siterequest.domain.com. When cleared (disabled), requests fail if there is no HTTPS equivalent location.

Following are the security settings you can configure in BIG-IP:

Idle Time Before Automatic Logout
Specifies the interval that a connection can remain idle before the system closes the connection. The default is 1200 seconds.
Essentially, the system resets the session timer only when an event occurs that requires data retrieval from the system or data persistence to the system. Examples of actions that do not reset the idle timer include any of the display actions (hiding, showing, collapsing, expanding, or moving items between lists). Actions that reset the timer include navigation to another screen, clicking any button to invoke an action or operation, changing the active partition, opening the help frame, or redisplaying the page in response to a timed-page refresh.

Require A Consistent Inbound IP For the Entire Web Session
Specifies, when checked (enabled), that the inbound IP address must remain the same for the duration of the connection to the BIG-IP system. If the IP address changes from the one used when the login session was authenticated, the system treats the change as an attack and automatically logs the user out. When cleared (disabled), specifies that the inbound IP address can change, and that the system retains the connection throughout the session. The default is enabled.

Enforce Idle Timeout While Viewing The Dashboard
Specifies, when checked (enabled), that the browser session timeout is enforced while the dashboard is running. When cleared (disabled), the browser session timeout does not occur while the dashboard is running. The default is disabled.

Show The Security Banner On The Login Screen
Specifies whether the system presents on the login screen the text you specify in the Security Banner Text To Show On The Login Screen field. If you clear (disable) this option, the system presents an empty frame in the right portion of the login screen. The default is checked (enabled).

Security Banner Text To Show On The Login Screen
Specifies the text to present on the login screen when the Show The Security Banner On The Login Screen option is enabled. The default is "Welcome to the BIG-IP Configuration Utility. Log in with your username and password using the fields on the left."

Username Prompt
Specifies the text to present above the user name field (the first of the two text boxes) on the login screen.

Password Prompt
Specifies the text to present above the password field (the second of the two text boxes) on the login screen.

Show Advisory Banner
Specifies whether the system displays an advisory message on the login screen.

Advisory Color
Specifies the background color for the advisory banner.

Advisory Text
Specifies the text to present in the advisory banner.

API Rate Limit (Requests per Second)
Specifies the maximum number of API requests allowed per second from a single client IP address. This setting helps protect the system from excessive API usage that could impact performance. When the limit is exceeded, the system returns an HTTP error response as configured in the Rate Limit HTTP Error Code field. The valid range is 1 or greater, with no upper limit. The default is 150 requests per second.

Rate Limit HTTP Error Code
Specifies the HTTP error code returned to clients when they exceed the configured API rate limit. The valid range is 400 to 499. Common values include 429 (Too Many Requests) or 503 (Service Unavailable). This setting works in conjunction with the API Rate Limit (Requests per Second) setting.

API Request Limit (Total Requests)
Specifies the maximum total number of concurrent API requests allowed across all clients. This global limit helps prevent system resource exhaustion from excessive API traffic. When the limit is reached, new API requests are rejected until existing requests complete. The valid range is 1 to 100 concurrent requests.

To view or update the parameters using TMUI:

  1. Log in to the BIG-IP Configuration Utility.
  2. In the Main menu, navigate to System > Preferences.
  3. In the System Settings section, select Advanced and update the values as per your requirement.
  4. In the Security Settings section, select Advanced and update the values as per your requirement.
  5. Click Update to update the preferences.

Rate-limiting capabilities are added to the TMOS iControl REST API, enhancing its security and stability.
The key features include:

  • Configuring rate-limiting parameters through REST, CLI, and TMUI.
  • Enforcing request limits per client on the /mgmt endpoint.
  • Mitigating risks from unthrottled API usage and application-layer DoS attacks targeting the management port.

By throttling iControl REST requests to the /mgmt endpoint based on configured rate limits, this feature improves resilience against DoS attacks.

api-ratelimit
Restricts the maximum number of requests a single client can send to the /mgmt endpoint per second.
Default Value: 150 requests/second. This value can be adjusted using the api-ratelimit parameter.
Range: Integer value ≥ 1.
Purpose: Helps to throttle bursty API requests from individual clients, reducing the risk of resource exhaustion. Ensures no single client can overload the system with excessive API requests, maintaining overall responsiveness.

api-requestlimit
Controls the maximum number of concurrent API requests allowed across all clients to the /mgmt iControl REST endpoint.
Default Value: 20. This value can be adjusted using the api-requestlimit parameter.
Range: Integer value between 1 and 50.
Purpose: Avoids resource contention by limiting simultaneous API requests, which helps in controlling the overall system load.

api-ratelimit-errcode
Specifies the HTTP error code returned to clients when they exceed the configured rate limits.
Default Value: 429. This value can be adjusted using the api-ratelimit-errcode parameter.
Range: Valid HTTP status codes from 400 to 499.
Purpose: Provides administrators the flexibility to align error codes with application requirements and improves client feedback during rate-limiting.

To view the current configuration of these parameters, use the following commands in the tmsh shell:

tmsh list sys httpd api-ratelimit
tmsh list sys httpd api-requestlimit
tmsh list sys httpd api-ratelimit-errcode

These commands will return the current values of api-ratelimit, api-requestlimit, and api-ratelimit-errcode.

To modify the values of these parameters, use the following tmsh commands:

tmsh modify sys httpd api-ratelimit <value>
tmsh modify sys httpd api-requestlimit <value>   
tmsh modify sys httpd api-ratelimit-errcode <value>

Set api-ratelimit to 160 requests per second:

tmsh modify sys httpd api-ratelimit 160

Set api-requestlimit to 25 concurrent requests:

tmsh modify sys httpd api-requestlimit 25

Change api-ratelimit-errcode to 403 (Forbidden):

tmsh modify sys httpd api-ratelimit-errcode 403

To view the current configuration of these parameters, use the following curl command:

Request:
curl -sk -u <uname>:<pass> -X GET https://<big-ip>/mgmt/tm/sys/httpd | jq

Response:
{
  :
  :
  "apiRatelimit": 100,
  "apiRatelimitErrcode": 429,
  "apiRequestlimit": 20,
  :
  :
}

To modify the values of these parameters, use the following curl command:

curl -X PATCH -H 'Content-Type: application/json' -d '{"<attribute>": <value>}' --location -sk 'https://<bigip-ip>/mgmt/tm/sys/httpd/' -u <uname>:<password>

Set api-ratelimit to 160 requests per second:

curl -sk -u <uname>:<password> -X PATCH -H "Content-Type: application/json" -d '{"api-ratelimit":160}' https://<big-ip>/mgmt/tm/sys/httpd

Set api-requestlimit to 25 concurrent requests:

curl -sk -u <uname>:<password> -X PATCH -H "Content-Type: application/json" -d '{"api-requestlimit":25}' https://<big-ip>/mgmt/tm/sys/httpd

Change api-ratelimit-errcode to 403 (Forbidden):

curl -sk -u <uname>:<password> -X PATCH -H "Content-Type: application/json" -d '{"api-ratelimit-errcode":403}' https://<big-ip>/mgmt/tm/sys/httpd
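The following is an added example, not F5 code: a small audit that checks a saved /mgmt/tm/sys/httpd response against the ranges and defaults given above for the three rate-limit fields. It assumes the 1 to 50 range stated for api-requestlimit; the function name, the sample body, and the choice to flag 401 and 403 are this example's own.

```python
import json

# Ranges and defaults as documented on this page for sys httpd.
LIMITS = {
    "apiRatelimit":        {"min": 1,   "max": None, "default": 150},
    "apiRequestlimit":     {"min": 1,   "max": 50,   "default": 20},
    "apiRatelimitErrcode": {"min": 400, "max": 499,  "default": 429},
}
# Codes that clients and log pipelines normally read as auth failures;
# flagging them is this example's own baseline choice, not an F5 rule.
AMBIGUOUS_CODES = {401, 403}


def audit_httpd(response_text):
    """Return a list of findings for a GET /mgmt/tm/sys/httpd JSON body."""
    cfg = json.loads(response_text)
    findings = []
    for key, rule in LIMITS.items():
        value = cfg.get(key)
        if value is None:
            findings.append(f"{key}: missing from response")
            continue
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append(f"{key}: not an integer ({value!r})")
            continue
        hi = rule["max"]
        if value < rule["min"] or (hi is not None and value > hi):
            findings.append(f"{key}: {value} outside documented range")
        elif value != rule["default"]:
            findings.append(f"{key}: {value} differs from default {rule['default']}")
    code = cfg.get("apiRatelimitErrcode")
    if isinstance(code, int) and code in AMBIGUOUS_CODES:
        findings.append(f"apiRatelimitErrcode: {code} is also an auth-failure status")
    return findings


# Constructed sample: the fields shown in the page's response, with the
# error code changed to 403 as in the page's modify example.
SAMPLE = '{"apiRatelimit": 100, "apiRatelimitErrcode": 403, "apiRequestlimit": 20}'

if __name__ == "__main__":
    for line in audit_httpd(SAMPLE):
        print(line)
```

Feed it the body returned by the view request above; an empty list means all three fields are present, in range, and at their defaults.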

To view or update the parameters using TMUI:

  1. Log in to the BIG-IP Configuration Utility.
  2. In the Main menu, navigate to System > Preferences.
  3. In the Security Settings section, select Advanced.
  4. Modify the values according to your requirements.
  5. Click Update to save the changes.