Configuring HTTP Flood Attack Defense

This section describes how to configure global and interface-based HTTP flood attack defense.

Context

If the rate of HTTP request packets reaches alert-rate, the HTTP flood attack defense function is triggered and the real source IP address is whitelisted.

Procedure

  • Configure global HTTP flood attack defense.
    1. In the user view, access the system view.

      system-view

    2. Enable the HTTP flood attack defense function and configure the defense mode.

      anti-ddos http-flood source-detect [ mode { basic | advanced | redirect } ]

      The default defense mode is redirect.

    3. Set the defense threshold.

      anti-ddos http-flood defend alert-rate alert-rate

      If the rate of HTTP request packets destined for the same destination IP address reaches alert-rate, the global HTTP flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 8000.

      The defense threshold can be manually configured or automatically learned. For details about the threshold learning configuration, see Configuring Threshold Learning.

  • Configure interface-based HTTP flood attack defense.
    1. In the user view, access the system view.

      system-view

    2. Access the interface view.

      interface interface-type interface-number

    3. Enable the HTTP flood attack defense function and configure the defense mode.

      anti-ddos http-flood source-detect [ mode { basic | redirect } ]

      The default defense mode is redirect.

    4. Configure the defense threshold.

      anti-ddos http-flood source-detect alert-rate alert-rate

      When the rate of all HTTP request packets (regardless of destination addresses) received by the interface reaches the alarm threshold alert-rate, the interface-based HTTP flood attack defense function is triggered. alert-rate is an integer ranging from 1 to 80000000, in pps. The default value is 500000.

      Attack defense threshold learning applies only to global DDoS attack defense, not to interface-based DDoS attack defense. Therefore, the threshold for interface-based HTTP flood attack defense must be configured manually using the anti-ddos http-flood defend alert-rate command.
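
The following added example (not part of the original documentation and not device code) models the two trigger conditions described above, so that candidate alert-rate values can be checked against traffic counts before they are configured. It assumes the rate is evaluated over one-second buckets and that the global check counts packets for a destination across all interfaces; the interface names and sample counts are constructed.

```python
from collections import Counter

GLOBAL_DEFAULT_PPS = 8000          # page default: per destination IP
INTERFACE_DEFAULT_PPS = 500000     # page default: all HTTP requests on one interface
RATE_MIN, RATE_MAX = 1, 80000000   # documented alert-rate range, in pps


def check_alert_rate(value):
    """Reject values outside the documented alert-rate range."""
    if not isinstance(value, int) or not RATE_MIN <= value <= RATE_MAX:
        raise ValueError(f"alert-rate must be an integer in {RATE_MIN}..{RATE_MAX}")
    return value


def triggers(samples, global_rate=GLOBAL_DEFAULT_PPS,
             interface_rate=INTERFACE_DEFAULT_PPS):
    """samples: iterable of (second, interface, dst_ip, http_request_packets).

    Returns (global_hits, interface_hits):
      global_hits    - sorted (second, dst_ip) whose per-destination rate reached global_rate
      interface_hits - sorted (second, interface) whose total rate reached interface_rate
    Assumption: one-second buckets; the device's real measurement window may differ.
    """
    check_alert_rate(global_rate)
    check_alert_rate(interface_rate)
    per_dst, per_if = Counter(), Counter()
    for second, ifname, dst, pkts in samples:
        per_dst[(second, dst)] += pkts     # global: same destination IP
        per_if[(second, ifname)] += pkts   # interface: regardless of destination
    global_hits = sorted(k for k, v in per_dst.items() if v >= global_rate)
    interface_hits = sorted(k for k, v in per_if.items() if v >= interface_rate)
    return global_hits, interface_hits


# Constructed sample counts (documentation address ranges, hypothetical interface names).
SAMPLES = [
    (0, "GE0/0/1", "192.0.2.10", 5000),
    (0, "GE0/0/2", "192.0.2.10", 4000),   # same destination, 9000 pps in total
    (0, "GE0/0/1", "192.0.2.20", 3000),
    (1, "GE0/0/1", "192.0.2.10", 7999),   # one packet under the global default
] + [(2, "GE0/0/1", f"198.51.100.{i}", 5000) for i in range(1, 101)]  # 100 x 5000 pps

if __name__ == "__main__":
    global_hits, interface_hits = triggers(SAMPLES)
    print("global defense triggered for:", global_hits)
    print("interface defense triggered on:", interface_hits)
```

In the sample data, second 2 spreads 500000 pps over 100 destinations: no single destination reaches the global threshold, but the interface-based threshold is reached.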

Copyright © Huawei Technologies Co., Ltd.