Table of Contents
Advertisement
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
drop: Drops subsequent HTTP packets destined for the victim IP addresses.
logging: Enables logging for HTTP flood attack events.
Examples
# Specify drop as the global action against HTTP flood attacks in attack defense policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood action drop
Related commands
http-flood detect
http-flood detect non-specific
http-flood threshold
http-flood detect
Use http-flood detect to configure IP address-specific HTTP flood attack detection.
Use undo http-flood detect to remove the IP address-specific HTTP flood attack detection
configuration.
Syntax
http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ port
port-list ] [ threshold threshold-value ] [ action { { drop | logging } * | none } ]
undo http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
IP address-specific HTTP flood attack detection is not configured.
Views
Attack defense policy view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ipv4-address: Specifies the IPv4 address to be protected. The ip-address argument cannot be all
1s or 0s.
ipv6 ipv6-address: Specifies the IPv6 address to be protected.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IP
address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Do not specify this option if the protected IP address is on the public network.
566
Advertisement
Table of Contents
