Configuring an HTTP request flood policy
HTTP Request Flood policy can limit the speed of HTTP requests from a client which is marked by a cookie.
Before you begin:
- You must have Read-Write permission for Security settings.
After you have configured HTTP Request Flood policies, you can select them in DoS Protection Profile.
To configure a HTTP Request Flood policy:
- Go to DoS Protection > Application > HTTP Request Flood.
- Click Create New to display the configuration editor.
-
Complete the configuration.
Name
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.
Status
Enable | Disable. If enabled, this policy will be activated, otherwise it is inactive.
HTTP Request Limit
0-65535. Limits the number of HTTP requests per second with the same session cookie. 0 means no limit for HTTP request.
Action
Pass—Allow the traffic.
Deny— Drop the traffic, send a 400 Bad request to the client.
Period Block—Deny all the HTTP requests from a source IP within a period specified by Period Block.
Captcha—Requires the client to successfully fulfill the CAPTCHA request
Period Block
1-3600 seconds; Default: 60
Log
Enable | Disable; If Enable the Action will be log
Severity
High—Log as high severity events.
Medium—Log as a medium severity events.
Low—Log as low severity events.
The default value is High.
- Save the configuration.