567
port
port-list
: Specifies a space-separated list of up to 65535 port number items. Each item specifies
a port by its port number or a range of ports in the form of
start-port-number
to
end-port-number
. The
end-port-number
cannot be smaller than the
start-port-number
. If you do not specify this option, the
global ports apply.
threshold
threshold-value
: Specifies the threshold for triggering HTTP flood attack prevention. The
value range is 1 to 1000000 in units of HTTP packets sent to the specified IP address per second.
action
: Specifies the actions when an HTTP flood attack is detected. If no action is specified, the
global actions set by the
http-flood action
command apply.
drop
: Drops subsequent HTTP packets destined for the protected IP address.
logging
: Enables logging for HTTP flood attack events.
none
: Takes no action.
Usage guidelines
With HTTP flood attack detection configured for an IP address, the device is in attack detection state.
When the sending rate of HTTP packets to the IP address reaches the threshold, the device enters
prevention state and takes the specified actions. When the rate is below the silence threshold
(three-fourths of the threshold), the device returns to the attack detection state.
You can configure HTTP flood attack detection for multiple IP addresses in one attack defense
policy.
Examples
# Configure HTTP flood attack detection for 192.168.1.2 in attack defense policy
atk-policy-1
.
<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] http-flood detect ip 192.168.1.2 port 80
8080 threshold 2000
Related commands
http-flood action
http-flood detect non-specific
http-flood threshold
http-flood port
http-flood detect non-specific
Use
http-flood detect non-specific
to enable global HTTP flood attack detection.
Use
undo http-flood detect non-specific
to disable global HTTP flood attack detection.
Syntax
http-flood detect non-specific
undo http-flood detect non-specific
Default
Global HTTP flood attack detection is disabled.
Views
Attack defense policy view
Predefined user roles
network-admin