dos policy
The following operations can be performed on "dos policy":
add | rm | set | unset | show | stat
add dos policy
Adds a DoS protection policy to the appliance.
Note: To apply DoS protection to a service, bind the DoS policy to the service by using the bind service command.
Synopsis
add dos policy <name> -qDepth <positive_integer> [-cltDetectRate <positive_integer>]
Arguments
name
Name for the HTTP DoS protection policy. Must begin with a letter, number, or the underscore character (_). Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), equals (=), and colon (:) characters.
qDepth
Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.
Minimum value: 21
cltDetectRate
Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.
Minimum value: 0
Maximum value: 100
Example
add dos policy dospol -qdepth 100 -cltDetectRate 90
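An added example, not part of the original reference: a Python check that audits add dos policy configuration lines against the constraints documented above (naming rule, -qDepth minimum of 21, -cltDetectRate range of 0 to 100). The function names, the sample lines other than the page's own dospol example, and the ASCII-only reading of "letter" are assumptions.

```python
import re
import shlex

# Naming rule from the Arguments text: first character is a letter, number or
# underscore; later characters may also be - . # space @ = : (ASCII assumed).
NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_\-.# @=:]*$")
QDEPTH_MIN = 21                # documented minimum for -qDepth
RATE_MIN, RATE_MAX = 0, 100    # documented range for -cltDetectRate on add

SAMPLE_LINES = [
    "add dos policy dospol -qdepth 100 -cltDetectRate 90",  # the page's example
    'add dos policy "web front:1" -qDepth 21',               # constructed
    "add dos policy -bad -qDepth 20 -cltDetectRate 150",     # constructed
]


def _to_int(value):
    """Return value as an int, or None if it is missing or not a number."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def audit_add_dos_policy(line):
    """Return a list of problems found in one 'add dos policy' line."""
    tokens = shlex.split(line)  # keeps a quoted name containing spaces whole
    if [t.lower() for t in tokens[:3]] != ["add", "dos", "policy"]:
        return ["not an 'add dos policy' command"]
    if len(tokens) < 4:
        return ["missing policy name"]
    name, rest = tokens[3], tokens[4:]
    problems = []
    if not NAME_RE.match(name):
        problems.append(f"name {name!r} breaks the naming rule")
    # Pair each option with its value; option names are compared in lower
    # case because the page's own example writes -qdepth for -qDepth.
    opts = {k.lower(): v for k, v in zip(rest[::2], rest[1::2] + [None])}
    qdepth = _to_int(opts.get("-qdepth"))
    if "-qdepth" not in opts:
        problems.append("-qDepth is required")
    elif qdepth is None or qdepth < QDEPTH_MIN:
        problems.append(f"-qDepth must be an integer >= {QDEPTH_MIN}")
    rate = _to_int(opts.get("-cltdetectrate"))
    if "-cltdetectrate" in opts and (rate is None or not RATE_MIN <= rate <= RATE_MAX):
        problems.append(f"-cltDetectRate must be {RATE_MIN}..{RATE_MAX}")
    unknown = sorted(set(opts) - {"-qdepth", "-cltdetectrate"})
    return problems + [f"unknown option {o}" for o in unknown]
```

An empty list means the line satisfies every documented constraint; the third sample line returns three findings (name, queue depth, detect rate).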
rm dos policy
Removes a DoS protection policy from the appliance.
Synopsis
rm dos policy <name>
Arguments
name
Name of the DoS protection policy to be removed.
Example
rm dos policy dospol
set dos policy
Modifies the attributes of a DoS protection policy.
Synopsis
set dos policy <name> [-qDepth <positive_integer>] [-cltDetectRate <positive_integer>]
Arguments
name
Name of the DoS protection policy to be modified.
qDepth
Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.
Minimum value: 21
cltDetectRate
Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.
Minimum value: 1
Maximum value: 100
Example
set dos policy dospol -qdepth 1000
unset dos policy
Use this command to remove DoS policy settings. Refer to the set dos policy command for the meanings of the arguments.
Synopsis
unset dos policy <name> -cltDetectRate
show dos policy
Displays information about a DoS protection policy.
Synopsis
show dos policy [<name>]
Arguments
name
Name of the DoS protection policy about which to display information. If a name is not provided, information about all DoS protection policies is shown.
Outputs
qDepth
Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.
cltDetectRate
Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.
devno
count
stateflag
Example
> show dos policy
1 configured DoS policy:
1) Policy: dospol QDepth: 100 ClientDetectRate: 90
Done
stat dos policy
Displays statistics of the DoS protection policy.
Synopsis
stat dos policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]
Arguments
name
The name of the DoS protection policy whose statistics must be displayed. If a name is not provided, statistics of all the DoS protection policies are displayed.
detail
Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.
fullValues
Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated.
ntimes
The number of times, in intervals of seven seconds, the statistics should be displayed.
Default value: 1
Minimum value: 0
logFile
The name of the log file to be used as input.
clearstats
Clear the statistics/counters.
Possible values: basic, full
Outputs
count
devno
stateflag
Outputs
Client detect rate (ClDtRate)
Current ratio of JavaScript send rate to the server response rate (Client detect rate)
Physical service IP (SvcIP)
IP address of the service to which this policy is bound.
Physical service port (SvcPort)
Port address of the service to which this policy is bound.
Current server queue size (CurQSize)
Current queue size of the server to which this policy is bound.
DOS transactions (DosTrans)
Total number of DoS JavaScript transactions performed for this policy.
Client detect rate mismatch (JsRefusd)
Number of times the DoS JavaScript was not sent because the set JavaScript rate was not met for this policy.
Valid clients (TotValCl)
Total number of valid DoS cookies received for this policy.
DOS JavaScript bytes served (JsBytSnt)
Total number of DoS JavaScript bytes sent for this policy.
Non GET, POST requests
Number of non-GET and non-POST requests for which DOS JavaScript was sent.
DOS JavaScript send rate (JSRate)
Current rate at which JavaScript is being sent in response to client requests.
Server response rate (RespRate)
Current rate at which the server to which this policy is bound is responding.