Fortinet black logo

CLI Reference

config security dos http-access-limit

config security dos http-access-limit

Syntax

configure security dos http-access-limit

edit <name>

set status [enable | disable]

set access-limit-per-ip <integer>

set action [ pass | deny | block-period]

set block-period <integer>

set log [enable | disable]

set severity [ high | medium | low | info]

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

access-limit-per-ip

The access limitation per IP

integer

0-65535

0

No

action

Action taken when the limit is reached.

choice

Pass

deny block-period

deny

No

block-period

Number of seconds during which FortiADC blocks the connection action,

integer

1-3600

60

No

severity

Severity of the Log

choice

info low medium high

high

No

log

Records log message

choice

enable

disable

disable

No

CLI Parameter

Visible condition

Special value

Effective condition

access-limit-per-ip

always visible

0, means no limit

Attach this config to a DoS protection profile, and attach the DoS profile to a virtual server

action

always visible

N/A

block-period

action == block-period

N/A

severity

log == enable

N/A

log

always visible

N/A

Function description

CLI Parameter

Description

access-limit-per-ip

If FortiADC receives some HTTP request which has the same source IP in a second, it will check the number to see if it reaches the limit or not. If it has, then FortiADC takes action. The “one second” times when the first request arrived; the count block will be released after one second.

action

DoS protect action.

block-period

Block the TCP connection for a period (seconds). During this period if the TCP connection's source IP is blocked, this connection will be aborted. If FortiADC reboots, this block action will be invalid.

severity

Log severity level

log

Enable or disable log

Example

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

set action block-period

set block-period 30

set log enable

set severity info

next

end

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

set action Pass

set log enable

set severity info

next

end

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

next

end

config security dos http-access-limit

Syntax

configure security dos http-access-limit

edit <name>

set status [enable | disable]

set access-limit-per-ip <integer>

set action [ pass | deny | block-period]

set block-period <integer>

set log [enable | disable]

set severity [ high | medium | low | info]

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

access-limit-per-ip

The access limitation per IP

integer

0-65535

0

No

action

Action taken when the limit is reached.

choice

Pass

deny block-period

deny

No

block-period

Number of seconds during which FortiADC blocks the connection action,

integer

1-3600

60

No

severity

Severity of the Log

choice

info low medium high

high

No

log

Records log message

choice

enable

disable

disable

No

CLI Parameter

Visible condition

Special value

Effective condition

access-limit-per-ip

always visible

0, means no limit

Attach this config to a DoS protection profile, and attach the DoS profile to a virtual server

action

always visible

N/A

block-period

action == block-period

N/A

severity

log == enable

N/A

log

always visible

N/A

Function description

CLI Parameter

Description

access-limit-per-ip

If FortiADC receives some HTTP request which has the same source IP in a second, it will check the number to see if it reaches the limit or not. If it has, then FortiADC takes action. The “one second” times when the first request arrived; the count block will be released after one second.

action

DoS protect action.

block-period

Block the TCP connection for a period (seconds). During this period if the TCP connection's source IP is blocked, this connection will be aborted. If FortiADC reboots, this block action will be invalid.

severity

Log severity level

log

Enable or disable log

Example

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

set action block-period

set block-period 30

set log enable

set severity info

next

end

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

set action Pass

set log enable

set severity info

next

end

configure security dos http-access-limit

edit access-limit

set access-limit-per-ip 10

next

end