v-gateway http-slow-attack defend enable

Function

The v-gateway http-slow-attack defend enable command enables virtual gateways to defend against HTTP slow attacks.

The undo v-gateway http-slow-attack defend enable command disables the defense of virtual gateways against HTTP slow attacks.

Format

v-gateway http-slow-attack defend enable

undo v-gateway http-slow-attack defend enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, this function is disabled.

Attackers use legitimate HTTP behavior to establish connections to the FW and hold those connections open for a long time. As such connections accumulate, they exhaust resources on the FW and can even cause the FW to go down.

Common slow HTTP attacks are as follows:
  • Slow POST: An attacker sends POST packets to the FW that set the packet length to a large value, but the subsequent packets sent by the attacker are small. The FW keeps waiting for the attacker to send large packets.
  • Slow headers: An attacker initiates a connection to the FW using GET or POST packets, whose header fields contain no terminator, and sends other fields to keep the connection alive. As a result, the FW keeps waiting for a terminator.
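
Both patterns listed above can be recognized from what a connection has sent so far and how long it has been open. The Python example below is added here for illustration; it is not Huawei's code and does not describe how the FW implements this function. The thresholds, the ConnSnapshot model, the host name and the sample byte strings are all assumptions constructed for the example.

```python
from dataclasses import dataclass
# Assumed thresholds for illustration; not values used by the FW.
HEADER_DEADLINE_S = 10.0    # header terminator must arrive within this time
BODY_GRACE_S = 5.0          # do not judge the body rate earlier than this
MIN_BODY_RATE_BPS = 100.0   # minimum acceptable body bytes per second

@dataclass
class ConnSnapshot:
    """Hypothetical model: what one client has sent so far, plus timing."""
    received: bytes                 # all bytes received on the connection
    age_s: float                    # seconds since the connection opened
    headers_done_at_s: float = 0.0  # when the header terminator arrived

def declared_length(header_block: bytes) -> int:
    """Content-Length declared in the header block, or 0 if absent/invalid."""
    for line in header_block.split(b"\r\n")[1:]:   # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length" and value.strip().isdigit():
            return int(value.strip())
    return 0

def classify(conn: ConnSnapshot) -> str:
    head, terminator, body = conn.received.partition(b"\r\n\r\n")
    if not terminator:
        # Headers never terminated: slow headers once the deadline passes.
        return "slow-headers" if conn.age_s > HEADER_DEADLINE_S else "pending"
    if len(body) >= declared_length(head):
        return "complete"
    # Body outstanding: compare its arrival rate with the floor.
    elapsed = conn.age_s - conn.headers_done_at_s
    if elapsed <= BODY_GRACE_S:
        return "pending"
    return "slow-post" if len(body) / elapsed < MIN_BODY_RATE_BPS else "pending"

# Constructed sample connections (host name and paths are placeholders).
POST_HEAD = b"POST /login HTTP/1.1\r\nHost: vg.example\r\nContent-Length: 100000\r\n\r\n"
SAMPLES = {
    "normal-get": ConnSnapshot(b"GET / HTTP/1.1\r\nHost: vg.example\r\n\r\n", 0.2, 0.2),
    "no-terminator": ConnSnapshot(b"GET / HTTP/1.1\r\nHost: vg.example\r\nX-a: 1\r\n", 45.0),
    "trickled-post": ConnSnapshot(POST_HEAD + b"user=", 60.0, 0.5),
    "fast-post": ConnSnapshot(POST_HEAD + b"x" * 60000, 6.0, 0.1),
}

def report() -> dict:
    return {name: classify(conn) for name, conn in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:14} {verdict}")
```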

Enabling or disabling this function takes effect on all virtual gateways.

Example

# Enable virtual gateways to defend against HTTP slow attacks.

<sysname> system-view
[sysname] v-gateway http-slow-attack defend enable
Copyright © Huawei Technologies Co., Ltd.