Forum Discussion
Chris_Grant
Jan 18, 2016Employee
iRules are event driven. As such you will need to key this off an event that is being hit. You might try modifying the code used to detect and prevent Slowloris attacks, detailed here: https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10260.html
We use a timer to reset the connection one second after initialization:
when CLIENT_ACCEPTED { set rtimer 0 after 1000 { if { not $rtimer} { drop } } }
when HTTP_REQUEST { set rtimer 1 }