Configuring HTTP connection flood policy

An HTTP Connection Flood policy limits the number of connections from a client, where the client is identified by a cookie.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured HTTP Connection Flood policies, you can select them in a DoS Protection Profile.

To configure an HTTP Connection Flood policy:

  1. Go to DoS Protection > Application > HTTP Connection Flood.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration.

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    Status

    Enable | Disable. If enabled, this policy is active; otherwise it is inactive.

    HTTP Connection Number Limit

    1-1024. Limits the number of TCP connections with the same session cookie.

    Action

    Pass—Allow the traffic.

    Deny—Drop the traffic and send a 400 Bad Request to the client.

    Period Block—Deny all HTTP requests from a source IP for the period specified by Period Block.

    Period Block

    1-3600 seconds; Default: 60

    Log

    Enable | Disable. If enabled, the action is logged.

    Severity

    High—Log as high severity events.

    Medium—Log as medium severity events.

    Low—Log as low severity events.

    The default value is High.

  4. Save the configuration.
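
The following Python model is an added example, not Fortinet code. It shows how the settings above interact: the connection limit is counted per session cookie, while Period Block applies to the source IP, so other sessions behind the same address are denied until the block expires. The class and function names are hypothetical, and the counting rules (concurrent open connections, block starting when the limit is exceeded) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ConnFloodPolicy:
    """Toy model of the fields above; the counting rules are assumptions."""
    limit: int = 2              # HTTP Connection Number Limit (1-1024)
    action: str = "deny"        # "pass" | "deny" | "period-block"
    period_block: int = 60      # seconds (1-3600), default 60
    log: bool = True
    severity: str = "high"      # default High
    open_conns: dict = field(default_factory=dict)     # cookie -> open TCP connections
    blocked_until: dict = field(default_factory=dict)  # source IP -> block expiry
    events: list = field(default_factory=list)         # (time, severity, ip, cookie, action)

    def __post_init__(self):
        if not 1 <= self.limit <= 1024:
            raise ValueError("limit must be 1-1024")
        if not 1 <= self.period_block <= 3600:
            raise ValueError("period_block must be 1-3600 seconds")

    def on_connect(self, now, src_ip, cookie):
        """Verdict ("allow" or "deny") for a new connection carrying `cookie`."""
        if self.blocked_until.get(src_ip, 0) > now:
            return "deny"                      # Period Block is keyed on source IP
        count = self.open_conns.get(cookie, 0)
        if count >= self.limit:                # the limit is keyed on the cookie
            if self.log:
                self.events.append((now, self.severity, src_ip, cookie, self.action))
            if self.action == "period-block":
                self.blocked_until[src_ip] = now + self.period_block
            if self.action != "pass":
                return "deny"
        self.open_conns[cookie] = count + 1
        return "allow"

    def on_close(self, cookie):
        self.open_conns[cookie] = max(0, self.open_conns.get(cookie, 0) - 1)

def replay(policy, connects):
    """Run constructed (time, src_ip, cookie) connection attempts through the model."""
    return [policy.on_connect(t, ip, c) for t, ip, c in connects]

# Constructed sample: two sessions behind one NAT address (documentation IP range).
SAMPLE = [(0, "203.0.113.10", "sess-A"), (1, "203.0.113.10", "sess-A"),
          (2, "203.0.113.10", "sess-A"),   # third connection exceeds limit=2
          (10, "203.0.113.10", "sess-B"),  # different cookie, same source IP
          (62, "203.0.113.10", "sess-B")]  # block set at t=2 has expired

if __name__ == "__main__":
    print(replay(ConnFloodPolicy(action="period-block"), SAMPLE))
    print(replay(ConnFloodPolicy(action="deny"), SAMPLE))
```

In this model, Deny affects only the over-limit cookie, whereas Period Block also denies `sess-B` at t=10 because it shares the source IP. Weigh that when choosing the action for clients that sit behind shared NAT or proxy addresses.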
