Fortinet black logo

CLI Reference

config security dos dos-protection-profile

config security dos dos-protection-profile

A DoS Protection profile references the DoS policies that are to be enforced.

Syntax

configure security dos dos-protection-profile

edit <name>

set http-access-limit <string>

set http-connection-flood-protection <string>

set http-request-flood-protection <string>

set http-send-timeout <integer>

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

http-connection-flood-protection

HTTP connection limit

data source

http-connection-flood-protection object

Null

No

http-access-limit

HTTP access limit

data source

http-access-limit object

Null

No

http-request-flood-protection

HTTP request limit

data source

http-request-flood-protection object

Null

No

http-send-timeout

The data transfer must be completed at the specified time (the timeout), otherwise the connection will be aborted; for example, you can set Get a file to be completed within 20s.

integer

-1-3600

-1

No

CLI Parameter

Visible condition

Special value

Effective condition

http-connection-flood-protection

always visible

N/A

Attach to a virtual server

http-access-limit

always visible

N/A

http-request-flood-protection

always visible

N/A

http-send-timeout

always visible

-1, means no limit

Function description

CLI Parameter

Description

http-connection-flood-protection

Inherit a http-connection-flood-protection configuration.

http-access-limit

Inherit a http-access-limit configuration.

http-request-flood-protection

Inherit a http-request-flood-protection configuration.

http-send-timeout

After receiving a HTTP request, FortiADC may forward a response which comes from the backend server. If FortiADC cannot send out all the response messages, it will save the rest of the data in a buffer, and will try to send out again when possible. When there occurs a timeout, if the buffer still has data to be sent, FortiADC will abort this TCP connection.

Example

configure security dos dos-protection-profile

edit dos-profile

set http-access-limit access-limit

set http-connection-flood-protection conn-limit

set http-request-flood-protection req-limit

set http-send-timeout 3

next

end

configure security dos dos-protection-profile

edit dos-profile

set http-access-limit access-limit

set http-connection-flood-protection conn-limit

set http-request-flood-protection req-limit

next

end

config security dos dos-protection-profile

config security dos dos-protection-profile

A DoS Protection profile references the DoS policies that are to be enforced.

Syntax

configure security dos dos-protection-profile

edit <name>

set http-access-limit <string>

set http-connection-flood-protection <string>

set http-request-flood-protection <string>

set http-send-timeout <integer>

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

http-connection-flood-protection

HTTP connection limit

data source

http-connection-flood-protection object

Null

No

http-access-limit

HTTP access limit

data source

http-access-limit object

Null

No

http-request-flood-protection

HTTP request limit

data source

http-request-flood-protection object

Null

No

http-send-timeout

The data transfer must be completed at the specified time (the timeout), otherwise the connection will be aborted; for example, you can set Get a file to be completed within 20s.

integer

-1-3600

-1

No

CLI Parameter

Visible condition

Special value

Effective condition

http-connection-flood-protection

always visible

N/A

Attach to a virtual server

http-access-limit

always visible

N/A

http-request-flood-protection

always visible

N/A

http-send-timeout

always visible

-1, means no limit

Function description

CLI Parameter

Description

http-connection-flood-protection

Inherit a http-connection-flood-protection configuration.

http-access-limit

Inherit a http-access-limit configuration.

http-request-flood-protection

Inherit a http-request-flood-protection configuration.

http-send-timeout

After receiving a HTTP request, FortiADC may forward a response which comes from the backend server. If FortiADC cannot send out all the response messages, it will save the rest of the data in a buffer, and will try to send out again when possible. When there occurs a timeout, if the buffer still has data to be sent, FortiADC will abort this TCP connection.

Example

configure security dos dos-protection-profile

edit dos-profile

set http-access-limit access-limit

set http-connection-flood-protection conn-limit

set http-request-flood-protection req-limit

set http-send-timeout 3

next

end

configure security dos dos-protection-profile

edit dos-profile

set http-access-limit access-limit

set http-connection-flood-protection conn-limit

set http-request-flood-protection req-limit

next

end