On the Web Application Firewall > Advanced tab you can activate SlowHTTP protection and define the keys used for cookie signing and URL hardening.

SlowHTTP Protection

Here you can enable SlowHTTPClosed SlowHTTP attacks are DoS attacks, in which the attacker sends HTTP requests slowly and in pieces to a Webserver. So the Webserver keeps its resources busy waiting for the data. A DoS is created when the server's concurrent connection pool reaches its maximum. protection and set a timeout for request headers. You can determine the minimum and maximum time limit for request headers and extend the minimal timeout according to the data volume. For example, the soft limit allows at least 10 seconds to receive request headers. The extension rate is 500, the hard limit is set to 30. If the client now sends data, the soft limit timeout increases 1 second for every 500 bytes received. After 30 seconds the client will be disconnected. Please specify the values for your scenario.

Use timeout for request headers: If enabled, the SlowHTTP Protection is activated.

Soft limit: Enter the minimum amount of time to receive the request header.

Hard limit: Enter the maximum amount of time to receive the request header.

Extension rate: Enter the amount of data volume which extends the timeout.

Skipped Networks/Host: Select or add networks/hosts that should not be affected by SlowHTTP Protection.

TLS Version

Select the minimal TLS version that is allowed to connect to the WAF.

Note – If you select TLS version 1.2, clients using old versions of Microsoft Internet Explorer (6, 7 or 8) or Microsoft Windows XP will not be able to connect to the WAF.

Proxy Protocol

If enabled, the proxy protocol is supported. Proxy Protocol is an Internet protocol which carries connection information from the source requesting the connection to the destination for which the connection was requested.

You need to ensure that there is a trusted source of Proxy Protocol information in front of WAF and that all traffic passes through this source. This means, that your WAF should not be connected directly with the Internet. This must be ensured within your network topology.

Session Storage

Here you can enter a limit for user sessions on Web Application Firewall. If the limit is reached, once a day Sophos UTM closes sessions to create capacity. The default value is 25000 sessions.

Cookie Signing

Here you can enter a custom secret that is used as signing key for cookie signing.

Static URL Hardening

Here you can enter a custom secret that is used as signing key for URL hardening.

Form Hardening

Here you can enter a custom secret that is used as encryption key for the form hardening token. The secret must consist of at least eight characters.