CLI Reference

config security dos http-request-flood-protection

The HTTP Request Flood policy limits the rate of HTTP requests from a client, which is identified by a cookie.

Syntax

    configure security dos http-request-flood-protection
      edit <name>
        set status [enable | disable]
        set request-limit-per-session <integer>
        set action [Pass | deny | Pass&deny | block-period]
        set block-period <integer>
        set severity [high | medium | low | info]
      next
    end

CLI specification

| CLI Parameter | Help message | Type | Scope | Default | Must |
|---|---|---|---|---|---|
| request-limit-per-session | The request limitation of per HTTP session | integer | 0-65535 | 0 | No |
| action | Action when limit is reached | choice | Pass deny block-period | deny | No |
| block-period | Number of seconds during which to block the connection action | integer | 1-3600 | 60 | No |
| severity | Severity of the Log | choice | info low medium high | high | No |
| log | Record log message | choice | enable disable | disable | No |

Function description

| CLI Parameter | Description |
|---|---|
| request-limit-per-session | When FortiADC receives an HTTP request, it first matches the URL and host. If these match, it inserts a cookie into the header when the response arrives. When a new request arrives carrying a cookie that FortiADC inserted, FortiADC finds a block that records the number of all TCP connections using the same cookie; if that number reaches the limit, FortiADC takes the configured action. |
| action | DoS protection action |
| block-period | Block the HTTP request for a period (in seconds). During this period, if a TCP connection's request carries the blocked cookie, it is aborted. If FortiADC reboots, this block action is still valid. |
| severity | Log severity level |
| log | Enable or disable logging |

Example

    configure security dos http-request-flood-protection
      edit req-limit
        set request-limit-per-session 2
        set action block-period
        set block-period 20
        set log enable
        set severity medium
      next
    end

    configure security dos http-request-flood-protection
      edit req-limit
        set request-limit-per-session 2
        set action Pass
      next
    end

    configure security dos http-request-flood-protection
      edit req-limit
        set request-limit-per-session 2
      next
    end
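
The ranges, choices and defaults listed in the CLI specification can be checked mechanically before a policy is applied. The following Python script is an added example, not Fortinet code: it parses edit/set/next blocks and reports out-of-range values, unlisted choices, policies that leave log at its default of disable, and a block-period that is set while action is not block-period. The names RANGES, CHOICES, DEFAULTS, parse_policies, audit and the policy constructed-bad are hypothetical, and treating block-period as unused under other actions is an assumption.

```python
# Choices follow the Syntax section; ranges and defaults follow the CLI specification table.
RANGES = {"request-limit-per-session": (0, 65535), "block-period": (1, 3600)}
CHOICES = {"status": "enable disable", "action": "Pass deny Pass&deny block-period",
           "severity": "high medium low info", "log": "enable disable"}
DEFAULTS = {"request-limit-per-session": "0", "action": "deny", "block-period": "60",
            "severity": "high", "log": "disable"}

def parse_policies(text):
    """Return {policy_name: {parameter: value}} from edit/set/next blocks."""
    policies, current = {}, None
    for words in (line.split() for line in text.splitlines()):
        if len(words) == 2 and words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2]
        elif words and words[0] in ("next", "end"):
            current = None
    return policies

def audit(text):
    """Return (policy, finding) tuples for settings the page's tables do not allow."""
    findings = []
    for name, given in parse_policies(text).items():
        for key, value in given.items():
            if key in RANGES:
                lo, hi = RANGES[key]
                if not (value.isdecimal() and lo <= int(value) <= hi):
                    findings.append((name, f"{key} {value} outside {lo}-{hi}"))
            elif value not in CHOICES.get(key, "").split():
                findings.append((name, f"{key} {value} is not listed"))
        eff = {**DEFAULTS, **given}  # unset parameters use the Default column
        if eff["log"] == "disable":
            findings.append((name, "log disabled, no log message is recorded"))
        # Assumption: block-period only takes effect when action is block-period.
        if "block-period" in given and eff["action"] != "block-period":
            findings.append((name, f"block-period set but action is {eff['action']}"))
    return findings

SAMPLE = """configure security dos http-request-flood-protection
edit req-limit
set request-limit-per-session 2
set action block-period
set block-period 20
set log enable
next
edit constructed-bad
set request-limit-per-session 70000
set block-period 7200
next
end"""  # constructed sample; req-limit is based on the page's first example
```

Calling audit(SAMPLE) returns no findings for req-limit and four for constructed-bad; an empty list means nothing was flagged.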
