625
Predefined user roles
network-admin
Usage guidelines
This command enables global HTTP flood attack detection. It applies to all IP addresses except for those
specified by the http-flood detect command. The system uses the global trigger threshold set by the
http-flood threshold command and global actions specified by the http-flood action command.
Examples
# Enable HTTP flood attack detection for non-specific IP addresses in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood detect non-specific
Related commands
• http-flood action
• http-flood detect
• http-flood threshold
http-flood port
Use http-flood port to specify the global ports to be protected against HTTP flood attacks.
Use undo http-flood port to restore the default.
Syntax
http-flood port port-list
undo http-flood port
Default
The HTTP flood attack prevention protects port 80.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
port-list: Specifies a space-separated list of up to 65535 port number items. Each item specifies a port by
its port number or a range of ports in the form of start-port-number to end-port-number. The
end-port-number cannot be smaller than the start-port-number.
Usage guidelines
The device detects only HTTP packets destined for the specified ports.
The global ports apply to HTTP flood attack detection for non-specific IP addresses and IP-specific HTTP
flood attack detection with no port specified.
Examples
# Specify port 80 and 8080 as the global ports to be protected against HTTP flood attacks in attack
defense policy atk-policy-1.
To Next Page
Loading...
Need help?
General
