Fortinet black logo

CLI Reference

config security dos http-connection-flood-protection

config security dos http-connection-flood-protection

HTTP Connection Flood policy can limit connections from a client that are marked by a cookie.

Syntax

configure security dos http-request-flood-protection

edit <name>

set status [enable | disable]

set request-limit-per-session <integer>

set action [ Pass | deny | Pass&deny | block-period]

set block-period <integer>

set severity [ high | medium | low | info]

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

request-limit-per-session

the request limitation of per HTTP session

integer

0-65535

0

No

action

action when reach the limit

choice

Pass

deny block-period

deny

No

block-period

number of seconds that block the connection action

integer

1-3600

60

No

severity

severity of the Log

choice

info low medium high

high

No

log

record log message

choice

enable

disable

disable

No

Function description

CLI Parameter

Description

request-limit-per-session

If ADC receives a HTTP request, first match the URL and host. If matched, it will insert a cookie to the header when the response arrives. If a new request arrives ADC and carry a cookie which is inserted by ADC, ADC will find a block to record the number that all the TCP connection which use the same cookie, if reach the limit, then take action.

action

DoS protect action

block-period

Block the HTTP request for a period(second), timing when tack the action. During this period if the TCP connection whose request have the blocked cookie will be aborted. If ADC reboot, this block action is still valid.

severity

Log severity level

log

Enable or disable log

Example

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

set action block-period

set block-period 20

set log enable

set severity medium

next

end

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

set action Pass

next

end

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

next

end

config security dos http-connection-flood-protection

HTTP Connection Flood policy can limit connections from a client that are marked by a cookie.

Syntax

configure security dos http-request-flood-protection

edit <name>

set status [enable | disable]

set request-limit-per-session <integer>

set action [ Pass | deny | Pass&deny | block-period]

set block-period <integer>

set severity [ high | medium | low | info]

next

end

CLI specification

CLI Parameter

Help message

Type

Scope

Default

Must

request-limit-per-session

the request limitation of per HTTP session

integer

0-65535

0

No

action

action when reach the limit

choice

Pass

deny block-period

deny

No

block-period

number of seconds that block the connection action

integer

1-3600

60

No

severity

severity of the Log

choice

info low medium high

high

No

log

record log message

choice

enable

disable

disable

No

Function description

CLI Parameter

Description

request-limit-per-session

If ADC receives a HTTP request, first match the URL and host. If matched, it will insert a cookie to the header when the response arrives. If a new request arrives ADC and carry a cookie which is inserted by ADC, ADC will find a block to record the number that all the TCP connection which use the same cookie, if reach the limit, then take action.

action

DoS protect action

block-period

Block the HTTP request for a period(second), timing when tack the action. During this period if the TCP connection whose request have the blocked cookie will be aborted. If ADC reboot, this block action is still valid.

severity

Log severity level

log

Enable or disable log

Example

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

set action block-period

set block-period 20

set log enable

set severity medium

next

end

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

set action Pass

next

end

configure security dos http-request-flood-protection

edit req-limit

set request-limit-per-session 2

next

end