Product Documentation

dos policy

Sep 12, 2016

The following operations can be performed on "dos policy":

add | rm | set | unset | show | stat

add dos policy

Adds a DoS protection policy to the appliance. Note: To apply DoS protection to a service, bind the DoS policy to the service by using the bind service command.

Synopsis

add dos policy <name> -qDepth <positive_integer> [-cltDetectRate <positive_integer>]

Arguments

name

Name for the HTTP DoS protection policy. Must begin with a letter, number, or the underscore character (_). Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), equals (=), and colon (:) characters.

qDepth

Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.

Minimum value: 21

cltDetectRate

Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.

Minimum value: 0

Maximum value: 100

Example

add dos policy dospol -qdepth 100 -cltDetectRate 90

rm dos policy

Removes a DoS protection policy from the appliance.

Synopsis

rm dos policy <name>

Arguments

name

Name of the DoS protection policy to be removed.

Example

rm dos policy dospol

set dos policy

Modifies the attributes of a DoS protection policy.

Synopsis

set dos policy <name> [-qDepth <positive_integer>] [-cltDetectRate <positive_integer>]

Arguments

name

Name of the DoS protection policy to be modified.

qDepth

Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.

Minimum value: 21

cltDetectRate

Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.

Minimum value: 1

Maximum value: 100

Example

set dos policy dospol -qdepth 1000
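The argument constraints documented above for add dos policy and set dos policy can be checked before a command is pushed to an appliance. The following is an added example, not vendor code; the function name lint_dos_policy, the restriction of "letter" to ASCII, and the quoting of names that contain spaces are assumptions.

```python
import re
import shlex

# First character: letter, number or underscore; later characters may also be
# hyphen, period, hash, space, at, equals and colon (ASCII letters assumed).
NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_\-.# @=:]*$")
QDEPTH_MIN = 21
# The documented cltDetectRate minimum differs per command: 0 for add, 1 for set.
RATE_RANGE = {"add": (0, 100), "set": (1, 100)}


def lint_dos_policy(line):
    """Return a list of problems found in one add/set dos policy command line."""
    try:
        tokens = shlex.split(line)  # assumption: a name with spaces is quoted
    except ValueError as exc:
        return [f"unparseable command: {exc}"]
    if len(tokens) < 4 or [t.lower() for t in tokens[1:3]] != ["dos", "policy"]:
        return ["expected: add|set dos policy <name> ..."]
    verb = tokens[0].lower()
    if verb not in RATE_RANGE:
        return [f"verb {verb!r} is not linted here"]
    name, rest = tokens[3], tokens[4:]
    problems = []
    if not NAME_RE.match(name):
        problems.append(f"invalid policy name {name!r}")
    if len(rest) % 2:
        problems.append("option without a value")
    opts = {}
    for flag, value in zip(rest[0::2], rest[1::2]):
        opts[flag.lower()] = value  # the page writes both -qDepth and -qdepth
    for flag in opts:
        if flag not in ("-qdepth", "-cltdetectrate"):
            problems.append(f"unknown option {flag}")
    if verb == "add" and "-qdepth" not in opts:
        problems.append("-qDepth is required for add")
    lo, hi = RATE_RANGE[verb]
    for flag, low, high in (("-qdepth", QDEPTH_MIN, None), ("-cltdetectrate", lo, hi)):
        if flag not in opts:
            continue
        if not opts[flag].isdecimal():
            problems.append(f"{flag} must be a positive integer")
        elif int(opts[flag]) < low or (high is not None and int(opts[flag]) > high):
            problems.append(f"{flag} value {opts[flag]} is out of range")
    return problems
```

An empty list means the command satisfies the documented name rule and value ranges; it does not confirm that the policy exists or is bound to a service.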

unset dos policy

Use this command to remove dos policy settings. Refer to the set dos policy command for meanings of the arguments.

Synopsis

unset dos policy <name> -cltDetectRate

show dos policy

Displays information about a DoS protection policy.

Synopsis

show dos policy [<name>]

Arguments

name

Name of the DoS protection policy about which to display information. If a name is not provided, information about all DoS protection policies is shown.

Outputs

qDepth

Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.

cltDetectRate

Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.

devno

count

stateflag

Example

> show dos policy
1 configured DoS policy:
1)      Policy: dospol  QDepth: 100     ClientDetectRate: 90
Done

stat dos policy

Displays statistics of the DoS protection policy.

Synopsis

stat dos policy [<name>] [-detail] [-fullValues] [-ntimes <positive_integer>] [-logFile <input_filename>] [-clearstats ( basic | full )]

Arguments

name

The name of the DoS protection policy whose statistics must be displayed. If a name is not provided, statistics of all the DoS protection policies are displayed.

detail

Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues

Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated.

ntimes

The number of times, in intervals of seven seconds, the statistics should be displayed.

Default value: 1

Minimum value: 0

logFile

The name of the log file to be used as input.

clearstats

Clear the statistics / counters.

Possible values: basic, full

Outputs

count

devno

stateflag

Outputs

Client detect rate (ClDtRate)

Current ratio of JavaScript send rate to the server response rate (Client detect rate).

Physical service IP (SvcIP)

IP address of the service to which this policy is bound.

Physical service port (SvcPort)

Port address of the service to which this policy is bound.

Current server queue size (CurQSize)

Current queue size of the server to which this policy is bound.

DOS transactions (DosTrans)

Total number of DoS JavaScript transactions performed for this policy.

Client detect rate mismatch (JsRefusd)

Number of times the DoS JavaScript was not sent because the set JavaScript rate was not met for this policy.

Valid clients (TotValCl)

Total number of valid DoS cookies received for this policy.

DOS JavaScript bytes served (JsBytSnt)

Total number of DoS JavaScript bytes sent for this policy.

Non GET, POST requests

Number of non-GET and non-POST requests for which DOS JavaScript was sent.

DOS JavaScript send rate (JSRate)

Current rate at which JavaScript is being sent in response to client requests.

Server response rate (RespRate)

Current rate at which the server to which this policy is bound is responding.
