Exception URL for Slow Client attack prevention


2 replies to this topic

#1 Jeoffrey Beckers

Jeoffrey Beckers
  • Members
  • 3 posts

Posted 19 March 2019 - 12:45 PM

Hello

 

Our web application uses SignalR to keep an open connection from the clients to the web server. This connection is flagged as a slow client attack (slow read response).

 

Is there a way to set an exception on the WAF to not check for this type of attack on only the SignalR URL? (but keep other checks enabled on this URL)

 

Under Websites / DDOS prevention / Slow Client Attack Prevention, I do not see an option to set an exception, but we also don't want to turn off the checks completely.

 

Thanks!

 

 



#2 Jeoffrey Beckers

Jeoffrey Beckers
  • Members
  • 3 posts

Posted 31 March 2019 - 04:51 AM

I opened a ticket with Barracuda Support. You cannot set an exception URL for the DDOS prevention. The only thing you can do in case of false positives, if tweaking the settings doesn't resolve it, is to disable DDOS prevention completely.



#3 Scott Treacy

Scott Treacy
  • Barracuda Team Members
  • 11 posts
  • Location: UK

Posted 18 April 2019 - 09:30 AM

Hi Jeoffrey,

 

Rather than adding a URL exception to the DDoS prevention, which would also make the application vulnerable to DDoS attack on that URL from all other sources, the approach taken by Barracuda WAF is to exempt specific client IP addresses instead.

 

If you add the IP(s) of the SignalR server(s) into Websites > DDoS Prevention > Slow Client Attack Prevention > {App_Name} Edit > Exception Clients, this should solve your issue.

 

Regards

Scott