| Configuring the WSM using Device Manager |
Delayed binding prevents SYN Denial of Service (DoS) attacks which occur when a client saturates a server with repeated SYN requests instead of completing the following three-way handshake as expected.
Once the WSM receives a valid ACK or DATA REQ from the client, it sends a SYN request to the server on behalf of the client, waits for the server to respond with a SYN ACK, and then forwards the client's DATA REQ to the server. It delays binding the client session to the server until the expected handshakes are complete. Thus, with delayed binding, two independent TCP connections span a Web session--one from the client to the WSM and the second from the WSM to the selected server. The WSM temporarily terminates each TCP connection until content has been received, preventing the server from being inundated with SYN requests.
Note:
Delayed binding is automatically enabled when content intelligent switching features are used. However, if you are not parsing content and you want delayed binding enabled, you must enable it manually.
See also: