624
threshold threshold-value: Sets the threshold for triggering HTTP flood attack prevention. The value range
is 1 to 1000000 in units of HTTP packets sent to the specified IP address per second.
action: Specifies the actions when an HTTP flood attack is detected. If no action is specified, the global
actions set by the http-flood action command apply.
client-verify: Adds the victim IP addresses to the protected IP list for HTTP client verification. If HTTP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent HTTP packets destined for the protected IP address.
logging: Enables logging for HTTP flood attack events. The log information records the detection
interface, victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and
start time of the attack.
Usage guidelines
You can configure HTTP flood attack detection for multiple IP addresses in one attack defense policy.
With HTTP flood attack detection configured, the device is in attack detection state. An attack occurs
when the device detects that the sending rate of HTTP packets to a protected IP address reaches or
exceeds the threshold. The device enters prevention state and takes actions to protect the target IP
address. When the rate is below the silence threshold (three-fourths of the threshold), the device
considers that the threat is over and returns to the attack detection state.
Examples
# Configure HTTP flood attack detection for 192.168.1.2 in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood detect ip 192.168.1.2 port 80
8080 threshold 2000
Related commands
• http-flood action
• http-flood detect non-specific
• http-flood threshold
• http-flood port
http-flood detect non-specific
Use http-flood detect non-specific to enable HTTP flood attack detection for non-specific IP addresses.
Use undo http-flood detect non-specific to restore the default.
Syntax
http-flood detect non-specific
undo http-flood detect non-specific
Default
HTTP flood attack detection is not enabled for non-specific IP addresses.
Views
Attack defense policy view
To Next Page
Loading...
Need help?
General
