General settings

You can configure slow HTTP protection and set the TLS version.

Slow HTTP protection settings

Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time, to a web server. If an HTTP request is not complete or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS.

Slow HTTP protection helps to protect against Slow HTTP attacks by setting a time-out for request headers.

Soft limit
Minimum amount of time to receive a request header.
Hard limit
Maximum amount of time to receive the request header.
Extension rate
Amount of data, in bytes, to extend the time-out set by the soft limit. Every time the rate is exceeded, the soft limit is increased by one second.
Skipped networks/hosts
Networks or hosts that should not be affected by Slow HTTP protection.

TLS version settings

Select the minimum TLS version that is allowed to connect to the WAF.

Note Check your browser’s TLS support before selecting a version. If you select TLS version 1.2, clients like Microsoft Internet Explorer 8 or earlier and those running on Windows XP won't be able to connect to the WAF.