Http-Flood Action - HP MSR Series Command Reference Manual

Parameters
threshold-value: Specifies the threshold for triggering FIN flood attack prevention. The value range is 1 to
1000000 in units of FIN packets sent to an IP address per second.
Usage guidelines
The global threshold applies to FIN flood attack detection for non-specific IP addresses.
Adjust the threshold according to the application scenarios. If the number of FIN packets to a protected
server, such as an HTTP or FTP server, is normally large, set a large threshold. A small threshold might
affect the server services. For a network that is unstable or susceptible to attacks, set a small threshold.
Examples
# Set the global threshold to 100 for triggering FIN flood attack prevention in attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] fin-flood threshold 100
Related commands
• fin-flood action
fin-flood detect
•
• fin-flood detect non-specific

http-flood action

Use http-flood action to specify global actions against HTTP flood attacks.
Use undo http-flood action to restore the default.
Syntax
http-flood action { client-verify | drop | logging } *
undo http-flood action
Default
No action is taken against detected HTTP flood attacks.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for HTTP client verification. If HTTP client
verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent HTTP packets destined for the victim IP addresses.
logging: Enables logging for HTTP flood attack events. The log information records the detection
interface, victim IP address, MPLS L3VPN instance name, current packet statistics, prevention actions,
and start time of the attack.
622