config security dos http-connection-flood-protection
HTTP Connection Flood policy can limit connections from a client that are marked by a cookie.
Syntax
configure security dos http-request-flood-protection
edit <name>
set status [enable | disable]
set request-limit-per-session <integer>
set action [ Pass | deny | Pass&deny | block-period | captcha]
set block-period <integer>
set severity [ high | medium | low | info]
next
end
CLI specification
CLI Parameter |
Help message |
Type |
Scope |
Default |
Must |
---|---|---|---|---|---|
request-limit-per-session |
the request limitation of per HTTP session |
integer |
0-65535 |
0 |
No |
action |
action when reach the limit |
choice |
Pass deny block-period captcha |
deny |
No |
block-period |
number of seconds that block the connection action |
integer |
1-3600 |
60 |
No |
severity |
severity of the Log |
choice |
info low medium high |
high |
No |
log |
record log message |
choice |
enable disable |
disable |
No |
Function description
CLI Parameter |
Description |
---|---|
request-limit-per-session |
If ADC receives a HTTP request, first match the URL and host. If matched, it will insert a cookie to the header when the response arrives. If a new request arrives ADC and carry a cookie which is inserted by ADC, ADC will find a block to record the number that all the TCP connection which use the same cookie, if reach the limit, then take action. |
action |
DoS protect action |
block-period |
Block the HTTP request for a period(second), timing when tack the action. During this period if the TCP connection whose request have the blocked cookie will be aborted. If ADC reboot, this block action is still valid. |
severity |
Log severity level |
log |
Enable or disable log |
Example
configure security dos http-request-flood-protection
edit req-limit
set request-limit-per-session 2
set action block-period
set block-period 20
set log enable
set severity medium
next
end
configure security dos http-request-flood-protection
edit req-limit
set request-limit-per-session 2
set action Pass
next
end
configure security dos http-request-flood-protection
edit req-limit
set request-limit-per-session 2
next
end