Angel_Martinez_
Nimbostratus
NimbostratusPersistence Flood
Hi
I would like if the BigIP LTM has any prevention system against a persistence table flood...
If we're playing with iRules adding persistence based on Set-Cookie I guess we could be in troubles if a bad user is asking for a new session doing a flood attack...
In my case:
when HTTP_RESPONSE {
if { [HTTP::header exists Set-Cookie] } {
persist add uie [HTTP::cookie "JSID"] 300
}
}
So the application gives us always a cookie if you ask for:
GET /login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: es
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: oi2.cm.es
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Tue, 17 Nov 2009 09:34:59 GMT
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: no-cache="set-cookie"
Pragma: No-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Set-Cookie: JSID=TYyqLCnDTk5gJvYhjHGjlNsFGyGqTmJ7vDj2pzDyT1RZKL6Nw3LZ!-124989947!2116557276; path=/
Content-Language: es
Connection: close
Content-Type: text/html; charset=UTF-8
I was wondering about give a really low persistence time at "persist uie add" like 5 seconds and when the rest of the traffic goes give a high persistence value...
something like this:
when HTTP_RESPONSE {
if { [HTTP::header exists Set-Cookie] } {
persist add uie [HTTP::cookie "JSID"] 5
}
}
when HTTP_REQUEST {
if { [active_members mypool] > "0" } {
if { [HTTP::cookie exists "JSID"] && ( [HTTP::cookie "JSID"] != "") } {
if { [persist lookup uie "[HTTP::cookie "JSID"] pool mypool"] != "" } {
persist uie [HTTP::cookie "JSID"] 3600
}
}
}
Any idea how to proctect the pesistence table ¿?
Thanks
