Denial of Service

This section contains declarations that use a Denial of Service (DoS) profile in order to thwart denial of service attacks.

1: Using a DoS profile in a declaration

This example shows how you can use a Denial of Service (DoS) profile in a declaration. The DoS profile can provide specific attack prevention at a very granular level. In the following example, we include nearly all of the available features in the DoS profile, with the exception of Mobile Defense, which we show in example 10. For detailed information on DoS profiles and the features in this declaration, see DoS Protection and Protocol Firewall Implementations (pdf). Also see the Schema Reference for usage options for using these features in your AS3 declarations.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_dos_01.
  • A DoS profile with blacklisted and whitelisted geolocations and address lists, URL protection, bot defense, rate-based protection and more. See the documentation and schema reference for details.
{
    "class": "ADC",
    "schemaVersion": "3.6.0",
    "id": "DOS_Profile",
    "controls": {
      "class": "Controls",
      "trace": true,
      "logLevel": "debug"
    },
    "Sample_dos_01": {
      "class": "Tenant",
      "Application": {
        "class": "Application",
        "template": "generic",
        "DOS_Profile": {
          "class": "DOS_Profile",
          "application": {
            "blacklistedGeolocations": ["Timor-Leste", "Cocos (Keeling) Islands"],
            "whitelistedGeolocations": ["Bonaire, Saint Eustatius and Saba", "Cote D'Ivoire"],
            "captchaResponse": {
              "first": "Are you a robot&quest;<br><br>%DOSL7.captcha.image% %DOSL7.captcha.change%<br><b>What code is in the image&quest;</b>%DOSL7.captcha.solution%<br>%DOSL7.captcha.submit%<br><br>Your supportID is: %DOSL7.captcha.support_id%.",
              "failure": "Error!<br><br>%DOSL7.captcha.image% %DOSL7.captcha.change%<br><b>What code is in the image&quest;</b>%DOSL7.captcha.solution%<br>%DOSL7.captcha.submit%<br><br>Your support ID is: %DOSL7.captcha.support_id%."
            },
            "heavyURLProtection": {
              "automaticDetectionEnabled": true,
              "detectionThreshold": 16,
              "excludeList": ["example.com"],
              "protectList": [{
                  "url": "www.google.com",
                  "threshold": 0
                }
              ]
            },
            "triggerIRule": true,
            "scrubbingDuration": 42,
            "remoteTriggeredBlackHoleDuration": 10,
            "profileAcceleration": {
              "bigip": "/Common/full-acceleration"
            },
            "botDefense": {
              "mode": "during-attacks",
              "blockSuspiscousBrowsers": true,
              "issueCaptchaChallenge": true,
              "gracePeriod": 4000,
              "crossDomainRequests": "validate-bulk",
              "siteDomains": ["www.google.com"],
              "externalDomains": ["www.yahoo.com"],
              "urlWhitelist": ["www.bing.com"]
            },
            "botSignatures": {
              "checkingEnabled": true,
              "blockedCategories": [{
                  "bigip": "/Common/Search Engine"
                }
              ],
              "reportedCategories": [{
                  "bigip": "/Common/Crawler"
                }
              ]
            },
            "rateBasedDetection": {
              "operationMode": "off",
              "thresholdsMode": "manual",
              "escalationPeriod": 120,
              "deEscalationPeriod": 7200,
              "sourceIP": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "deviceID": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "geolocation": {
                "minimumShare": 10,
                "shareIncreaseRate": 500,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "url": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true
              },
              "site": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true
              }
            },
            "stressBasedDetection": {
              "badActor": {
                "detectionEnabled": false,
                "mitigationMode": "none",
                "signatureDetectionEnabled": false,
                "useApprovedSignaturesOnly": false
              },
              "operationMode": "off",
              "thresholdsMode": "manual",
              "escalationPeriod": 120,
              "deEscalationPeriod": 7200,
              "sourceIP": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "deviceID": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "geolocation": {
                "minimumShare": 10,
                "shareIncreaseRate": 500,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "rateLimitingMode": "rate-limit"
              },
              "url": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true,
                "heavyURLProtectionEnabled": true
              },
              "site": {
                "minimumTps": 40,
                "tpsIncreaseRate": 500,
                "maximumTps": 200,
                "minimumAutoTps": 5,
                "maximumAutoTps": 5000,
                "clientSideDefenseEnabled": false,
                "captchaChallengeEnabled": false,
                "rateLimitingEnabled": true
              }
            },
            "recordTraffic": {
              "maximumDuration": 10,
              "maximumSize": 10,
              "recordTrafficEnabled": false,
              "repetitionInterval": 10
            }
          },
          "network": {
            "dynamicSignatures": {
              "detectionMode": "enabled",
              "mitigationMode": "medium",
              "scrubbingEnabled": true,
              "scrubbingCategory": {
                "bigip": "/Common/botnets"
              },
              "scrubbingDuration": 60
            },
            "vectors": [{
                "type": "hop-cnt-low",
                "state": "learn-only",
                "thresholdMode": "manual",
                "rateThreshold": 40000,
                "rateIncreaseThreshold": 600,
                "rateLimit": 1000000,
                "simulateAutoThresholdEnabled": true,
                "badActorSettings": {
                  "enabled": true,
                  "sourceDetectionThreshold": 0,
                  "sourceMitigationThreshold": 0
                },
                "autoBlacklistSettings": {
                  "enabled": true,
                  "category": {
                    "bigip": "/Common/botnets"
                  },
                  "attackDetectionTime": 1,
                  "categoryDuration": 60,
                  "externalAdvertisementEnabled": true
                }
              }
            ]
          },
          "protocolDNS": {
            "vectors": [{
                "type": "ptr",
                "state": "mitigate",
                "thresholdMode": "fully-automatic",
                "autoAttackFloor": 0,
                "autoAttackCeiling": 0
              }
            ]
          },
          "protocolSIP": {
            "vectors": [{
                "type": "cancel",
                "state": "disabled",
                "thresholdMode": "fully-automatic",
                "autoAttackFloor": 4294967295,
                "autoAttackCeiling": 4294967295,
                "rateIncreaseThreshold": 4294967295
              }
            ]
          },
          "whitelist": {
            "use": "addressList"
          },
          "applicationWhitelist": {
            "use": "addressListHTTP"
          }
        },
        "addressList": {
          "class": "Firewall_Address_List",
          "addresses": ["10.0.0.10"]
        },
        "addressListHTTP": {
          "class": "Firewall_Address_List",
          "addresses": ["10.0.0.11"]
        }
      }
    }
  }

Back to top

2: Using a DoS profile for Mobile Defense

This example shows how you can use a Denial of Service (DoS) profile in a declaration specific to mobile protection. See the Schema Reference for usage options for using these features in your AS3 declarations.

This declaration creates the following objects on the BIG-IP:

  • Partition (tenant) named Sample_dos_02.
  • A DoS profile with mobile defense enabled.
{
    "class": "ADC",
    "schemaVersion": "3.6.0",
    "id": "DOS_Profile",
    "Sample_dos_02": {
      "class": "Tenant",
      "Application": {
        "class": "Application",
        "template": "generic",
        "DOS_Profile": {
          "class": "DOS_Profile",
          "application": {
            "scrubbingDuration": 42,
            "remoteTriggeredBlackHoleDuration": 10,
            "mobileDefense": {
              "enabled": true,
              "allowAndroidPublishers": [{
                  "bigip": "/Common/default.crt"
                }
              ],
              "allowAndroidRootedDevice": true,
              "allowIosPackageNames": ["theName"],
              "allowJailbrokenDevices": true,
              "allowEmulators": true,
              "clientSideChallengeMode": "challenge"
            }
          }
        }
      }
    }
  }
  

Back to top