Fortinet black logo

Handbook

Configuring HTTP access limit policy

HTTP Access Limit policy can limit the speed of HTTP request from a source IP.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured HTTP Access Limit policies, you can select them in DoS Protection Profile.

To configure a HTTP Access Limit policy:

  1. Go to DoS Protection > Application > HTTP Access Limit.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration.

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    Status

    Enable | Disable. If Enable, this policy will be activated, otherwise it is inactive.

    HTTP Request Limit

    0-65535. Limits the amount of HTTP requests per second from a certain IP. 0 means no limit for HTTP request.

    Action

    Pass—Allow the traffic.

    Deny— Drop the traffic, send a 400 Bad request to the client.

    Period Block—Deny all the HTTP request from a source IP within a period which specified by Period Block.

    Captcha—Requires the client to successfully fulfill the CAPTCHA request

    Period Block

    1-3600 seconds; Default: 60

    Log

    Enable | Disable; If Enable the Action will be log

    Severity

    High—Log as high severity events.

    Medium—Log as a medium severity events.

    Low—Log as low severity events.

    The default value is High.

  4. Save the configuration.

HTTP Access Limit policy can limit the speed of HTTP request from a source IP.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured HTTP Access Limit policies, you can select them in DoS Protection Profile.

To configure a HTTP Access Limit policy:

  1. Go to DoS Protection > Application > HTTP Access Limit.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration.

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    Status

    Enable | Disable. If Enable, this policy will be activated, otherwise it is inactive.

    HTTP Request Limit

    0-65535. Limits the amount of HTTP requests per second from a certain IP. 0 means no limit for HTTP request.

    Action

    Pass—Allow the traffic.

    Deny— Drop the traffic, send a 400 Bad request to the client.

    Period Block—Deny all the HTTP request from a source IP within a period which specified by Period Block.

    Captcha—Requires the client to successfully fulfill the CAPTCHA request

    Period Block

    1-3600 seconds; Default: 60

    Log

    Enable | Disable; If Enable the Action will be log

    Severity

    High—Log as high severity events.

    Medium—Log as a medium severity events.

    Low—Log as low severity events.

    The default value is High.

  4. Save the configuration.