Skip to content

General settings

You can configure slow HTTP protection and set the TLS version.

Slow HTTP protection settings

Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time, to a web server. If an HTTP request isn't complete or the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. When the server’s concurrent connection pool reaches its maximum, this creates a DoS.

Slow HTTP protection helps to protect against Slow HTTP attacks by setting a time-out for request headers.

  • Soft limit: Minimum amount of time to receive a request header.

  • Hard limit: Maximum amount of time to receive the request header.

  • Extension rate: Amount of data, in bytes, to extend the time-out set by the soft limit. Every time the rate is exceeded, the soft limit is increased by one second.

  • Skipped networks/hosts: Networks or hosts that should not be affected by Slow HTTP protection.


Sophos Firewall only implements the protection for IP host types IP and Network. Don't specify an IP range or IP list.

TLS version settings

Select the minimum TLS version that is allowed to connect to the WAF.


Check your browser’s TLS support before selecting a version. If you select TLS version 1.2, clients like Microsoft Internet Explorer 8 or earlier and those running on Windows XP won't be able to connect to the WAF.