The anti-ddos http-flood source-detect command enables the global HTTP flood attack defense and configures the defense mode.

The undo anti-ddos http-flood source-detect command disables the global HTTP flood attack defense.

The undo anti-ddos http-flood source-detect mode command restores the global HTTP flood attack defense mode to redirect.

```
anti-ddos http-flood source-detect [ mode { basic | advanced | redirect } ]
undo anti-ddos http-flood source-detect [ mode ]
```

| Parameter | Description | Value |
|---|---|---|
| basic | Indicates the basic source detection mode. This mode is protocol-based source authentication. Using the redirection function of the browser, the FW detects whether the access source of HTTP services is a real browser, and the browser is automatically refreshed. This does not compromise the Internet experience of legitimate users. | - |
| advanced | Indicates the advanced source detection mode. Redirection requires the input of a verification code. This mode detects whether HTTP access is initiated by an actual user. Botnets that launch attacks cannot enter the verification code and are effectively defended against. However, the Internet experience of legitimate users is compromised. If the advanced mode is configured and an attack occurs, the FW first defends against the attack in basic mode. If the defense fails (the rate of HTTP packets forwarded by the FW is still higher than the defense threshold one second after the defense is started), the system automatically switches the defense to the advanced mode. | If the attack source is a proxy server or the attack source has certain browser functions, the basic mode fails to defend. You must select the advanced mode. If the client of the HTTP service is a set-top box, do not select this mode because the set-top box cannot enter any verification codes. |
| redirect | Indicates the 302 redirect mode. | - |