HP FlexNetwork MSR Series Command Reference Manual page 910
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Syntax
http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ port
port-list ] [ threshold threshold-value ] [ action { { client-verify | drop | logging } * | none } ]
undo http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
IP address-specific HTTP flood attack detection is not configured.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address to be protected. The ipv4-address argument cannot be
255.255.255.255 or 0.0.0.0.
ipv6 ipv6-address: Specifies the IPv6 address to be protected.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP
address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Do not specify this option if the protected IP address is on the public network.
port port-list: Specifies a space-separated list of up to 24 port number items for a protected IPv4
address or up to 22 port number items for a protected IPv6 address. Each item specifies a port by its
port number or a range of ports in the form of start-port-number to end-port-number. The
end-port-number cannot be smaller than the start-port-number. If you do not specify this option, the
global ports apply.
threshold threshold-value: Specifies the threshold for triggering HTTP flood attack prevention. The
value range is 1 to 1000000 in units of HTTP packets sent to the specified IP address per second.
action: Specifies the actions when an HTTP flood attack is detected. If no action is specified, the
global actions set by the http-flood action command apply.
client-verify: Adds the victim IP addresses to the protected IP list for HTTP client verification. If
HTTP client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent HTTP packets destined for the protected IP address.
logging: Enables logging for HTTP flood attack events.
none: Takes no action.
Usage guidelines
With HTTP flood attack detection configured for an IP address, the device is in attack detection state.
When the sending rate of HTTP packets to the IP address reaches the threshold, the device enters
prevention state and takes the specified actions. When the rate is below the silence threshold
(three-fourths of the threshold), the device returns to the attack detection state.
Examples
# Configure HTTP flood attack detection for 192.168.1.2 in the attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood detect ip 192.168.1.2 port 80
8080 threshold 2000
Related commands
http-flood action
892
Advertisement
