Http-Flood Threshold; Icmp-Flood Action - H3C MSR Series Command Reference Manual

Related commands
http-flood action
http-flood detect
http-flood detect non-specific

http-flood threshold

Use http-flood threshold to set the global threshold for triggering HTTP flood attack prevention.
Use undo http-flood threshold to restore the default.
Syntax
http-flood threshold threshold-value
undo http-flood threshold
Default
The global threshold is 1000 for triggering HTTP flood attack prevention.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the threshold value. The value range is 1 to 1000000 in units of HTTP
packets sent to an IP address per second.
Usage guidelines
The global threshold applies to global HTTP flood attack detection. Adjust the threshold according to
the application scenarios. If the number of HTTP packets sent to a protected HTTP server is normally
large, set a large threshold. A small threshold might affect the server services. For a network that is
unstable or susceptible to attacks, set a small threshold.
With global HTTP flood attack detection configured, the device is in attack detection state. When the
sending rate of HTTP packets to an IP address reaches the threshold, the device enters prevention
state and takes the specified actions. When the rate is below the silence threshold (three-fourths of
the threshold), the device returns to the attack detection state.
Examples
# Set the global threshold to 100 for triggering HTTP flood attack prevention in the attack defense
policy atk-policy-1.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood threshold 100
Related commands
http-flood action
http-flood detect
http-flood detect non-specific

icmp-flood action

Use icmp-flood action to specify global actions against ICMP flood attacks.
1059