Http-Flood Detect - H3C MSR Series Command Reference Manual

Predefined user roles
network-admin
Parameters
client-verify: Adds the victim IP addresses to the protected IP list for HTTP client verification. If
HTTP client verification is enabled, the device provides proxy services for protected servers.
drop: Drops subsequent HTTP packets destined for the victim IP addresses.
logging: Enables logging for HTTP flood attack events.
Usage guidelines
For the HTTP flood attack detection to collaborate with the HTTP client verification, make sure the
client-verify keyword is specified and the HTTP client verification is enabled. To enable HTTP client
verification, use the client-verify http enable command.
Examples
# Specify drop as the global action against HTTP flood attacks in the attack defense policy
atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood action drop
Related commands
client-verify http enable

http-flood detect

http-flood detect non-specific
http-flood threshold
http-flood detect
Use http-flood detect to configure IP address-specific HTTP flood attack detection.
Use undo http-flood detect to remove the IP address-specific HTTP flood attack detection
configuration.
Syntax
http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] [ port
port-list ] [ threshold threshold-value ] [ action { { client-verify | drop | logging } * | none } ]
undo http-flood detect { ip ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]
Default
IP address-specific HTTP flood attack detection is not configured.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address to be protected. The ipv4-address argument cannot be
255.255.255.255 or 0.0.0.0.
ipv6 ipv6-address: Specifies the IPv6 address to be protected.
1056