The anti-ddos http-flood source-detect command enables the interface-specific HTTP flood attack defense.
The undo anti-ddos http-flood source-detect command disables the interface-specific HTTP flood attack defense.
```
anti-ddos http-flood source-detect [ alert-rate alert-rate ]
anti-ddos http-flood source-detect [ mode { basic | redirect } ]
undo anti-ddos http-flood source-detect
```
| Parameter | Description | Value |
|---|---|---|
| alert-rate alert-rate | Specifies the threshold of the HTTP request packet rate that triggers the interface-specific HTTP flood attack defense. | The value is an integer ranging from 1 to 80000000, in pps. The default value is 500000. |
| basic | Indicates the basic source detection mode. | - |
| redirect | Indicates the 302 redirect mode. | - |
Ethernet interface view, Ethernet sub-interface view, Layer-2 Ethernet interface view, Layer-2 Ethernet sub-interface view, Eth-Trunk interface view, Layer-2 Eth-Trunk interface view, Eth-Trunk sub-interface view, Layer-2 Eth-Trunk sub-interface view, Virtual interface view
By default, the interface-specific HTTP flood attack defense is disabled.
When the rate of HTTP request packets received by the interface, counted across all destination IP addresses, reaches the threshold, the FW starts packet redirection to defend against HTTP flood attacks.
The default defense mode is redirect.
The attack defense threshold obtained by the threshold learning function takes effect only for the global anti-DDoS. Therefore, you must use the anti-ddos http-flood source-detect command to manually set the threshold for the interface-specific HTTP flood attack defense.
# Set the threshold of HTTP packet rate that triggers HTTP flood attack defense to 4,000,000 pps on GE0/0/2. In this case, when the HTTP request packet rate into the interface exceeds 4,000,000 pps, the HTTP flood attack defense is triggered.
```
<sysname> system-view
[sysname] interface GigabitEthernet 0/0/2
[sysname-GigabitEthernet0/0/2] anti-ddos http-flood source-detect alert-rate 4000000
```
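To make the trigger condition concrete, the following Python model is added here; it is not part of the Huawei documentation or the product's code. It counts HTTP request packets per second on one interface with all destination IP addresses pooled, as the usage guideline describes, and reports the first second at which that rate reaches alert-rate. It also checks the alert-rate value range from the parameter table. The packet records, the server addresses and the toy threshold of 10 pps are constructed for the demonstration (the real default is 500000 pps); the comparison with the per-destination peak shows why an interface-wide threshold fires even when no single server sees a high rate.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional

# Value range and default taken from the command's parameter table.
ALERT_RATE_MIN = 1
ALERT_RATE_MAX = 80_000_000
ALERT_RATE_DEFAULT = 500_000


def validate_alert_rate(rate: int) -> int:
    """Reject alert-rate values outside the documented 1..80000000 pps range."""
    if not isinstance(rate, int) or not ALERT_RATE_MIN <= rate <= ALERT_RATE_MAX:
        raise ValueError(f"alert-rate must be an integer in [{ALERT_RATE_MIN}, {ALERT_RATE_MAX}] pps")
    return rate


@dataclass(frozen=True)
class Packet:
    ts: float           # arrival time in seconds (constructed)
    dst_ip: str         # destination server (constructed)
    http_request: bool  # True for an HTTP request packet


def http_request_rates(packets: Iterable[Packet]) -> dict:
    """Per-second HTTP request count on the interface, all destinations pooled."""
    counts = defaultdict(int)
    for p in packets:
        if p.http_request:                 # non-HTTP traffic never counts
            counts[int(p.ts)] += 1
    return dict(counts)


def defense_triggered(packets: Iterable[Packet], alert_rate: int = ALERT_RATE_DEFAULT) -> Optional[int]:
    """First second at which the interface-wide rate reaches alert_rate, or None if it never does."""
    validate_alert_rate(alert_rate)
    rates = http_request_rates(packets)
    for sec in sorted(rates):
        if rates[sec] >= alert_rate:
            return sec
    return None


def per_destination_peak(packets: Iterable[Packet]) -> int:
    """Highest per-second HTTP request count seen by any single destination IP."""
    counts = defaultdict(int)
    for p in packets:
        if p.http_request:
            counts[(p.dst_ip, int(p.ts))] += 1
    return max(counts.values(), default=0)


def build_sample() -> list:
    """Constructed traffic: three servers behind one interface.

    Second 9: 2 requests to each server  -> 6 pps on the interface.
    Second 10: 4 requests to each server -> 12 pps on the interface,
    although no single server ever exceeds 4 pps.
    """
    pkts = []
    for dst in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):   # constructed addresses
        for i in range(2):
            pkts.append(Packet(9.0 + i * 0.3, dst, True))
        for i in range(4):
            pkts.append(Packet(10.0 + i * 0.2, dst, True))
    pkts.append(Packet(10.1, "10.0.0.1", False))       # non-HTTP packet, must be ignored
    return pkts


if __name__ == "__main__":
    sample = build_sample()
    toy_rate = 10   # constructed threshold for the demo; the real default is 500000
    print("per-second rates:", http_request_rates(sample))
    print("per-destination peak:", per_destination_peak(sample))
    print("defense triggered at second:", defense_triggered(sample, toy_rate))
```

Run as a script it prints the pooled rates, the per-destination peak of 4 pps and a trigger at second 10: the interface-specific defense reacts to the aggregate, which is why the threshold must be sized for the whole interface rather than for one server.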