The web-manager slow-attack check command sets the parameters for checking HTTP slow attack packets on the web server.
The undo web-manager slow-attack check command restores the default parameters for checking HTTP slow attack packets on the web server.
web-manager slow-attack check [ content-length content-length | payload-length payload-length | packet-number packet-number ] *
undo web-manager slow-attack check
| Parameter | Description | Value |
|---|---|---|
| content-length content-length | Specifies the length of the packet content. | The value is an integer ranging from 100 to 100000000. The default value is 10000. |
| payload-length payload-length | Specifies the length of the payload. | The value is an integer ranging from 1 to 1000. The default value is 50. |
| packet-number packet-number | Specifies the number of abnormal packets. | The value is an integer ranging from 1 to 1000. The default value is 10. |
The web-manager slow-attack check command takes effect only after the web-manager slow-attack defend enable command is run.
After the web-manager slow-attack check command is run, the FW defends against HTTP slow attacks that consist of consecutive HTTP GET/POST packets with a large length and a small HTTP payload.
After the web-manager slow-attack check command is run, the FW checks HTTP packets. If the length of an HTTP packet header is larger than content-length and the payload length is smaller than payload-length, the packet is regarded as abnormal. If the number of abnormal packets reaches packet-number, the FW cuts off the connection.
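The following Python model of the check described above is an added example, not code from the FW or its vendor; it is meant for reasoning about threshold choices before changing them on a device. Assumptions: each packet is a constructed (length, payload) pair in which the first number stands for the length the FW compares with content-length, and a normal packet resets the abnormal count (one reading of "consecutive"; the page does not state the reset behaviour).

```python
from dataclasses import dataclass

# Value ranges taken from the parameter table; defaults are the table defaults.
RANGES = {
    "content_length": (100, 100_000_000),
    "payload_length": (1, 1000),
    "packet_number": (1, 1000),
}


@dataclass(frozen=True)
class SlowAttackCheck:
    content_length: int = 10000
    payload_length: int = 50
    packet_number: int = 10

    def __post_init__(self):
        # Reject values the command itself would not accept.
        for name, (low, high) in RANGES.items():
            value = getattr(self, name)
            if not low <= value <= high:
                raise ValueError(f"{name}={value} outside {low}..{high}")

    def is_abnormal(self, length, payload):
        # Strict comparisons: "larger than" and "smaller than".
        return length > self.content_length and payload < self.payload_length


def cut_off_index(check, packets):
    """Return the index of the packet at which the connection is cut off,
    or None if the abnormal-packet count never reaches packet_number."""
    abnormal = 0
    for index, (length, payload) in enumerate(packets):
        if check.is_abnormal(length, payload):
            abnormal += 1
            if abnormal >= check.packet_number:
                return index
        else:
            abnormal = 0  # assumption: a normal packet resets the run
    return None


# Constructed sample traffic, not captured data.
slow_post = [(20000, 1)] * 10          # large length, 1-byte payloads
normal_upload = [(20000, 1400)] * 50   # large length, full-size payloads
interrupted = [(20000, 1)] * 9 + [(500, 300)] + [(20000, 1)] * 9
```

With the default parameters, a legitimate large upload is never flagged because its payloads are not small, while a sender that stays just under packet-number abnormal packets between normal ones is not cut off under the reset assumption.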