After enabling the AppQoE feature, you must configure one or more actions for handling requests.
To configure priority queuing with policy queue depths of 10 and 1000 for medium and lowest priority queues, respectively:
> add appqoe action appqoe-act-basic-prhigh -priority HIGH Done > add appqoe action appqoe-act-basic-prmedium -priority MEDIUM -polqDepth 10 Done > add appqoe action appqoe-act-basic-prlow -priority LOW -polqDepth 1000 Done > show appqoe action 1) Name: appqoe-act-basic-prhigh ActionType: PRIORITY_QUEUING Priority: HIGH PolicyQdepth: 0 Qdepth: 0 2) Name: appqoe-act-basic-prmedium ActionType: PRIORITY_QUEUING Priority: MEDIUM PolicyQdepth: 10 Qdepth: 0 3) Name: appqoe-act-basic-prlow ActionType: PRIORITY_QUEUING Priority: LOW PolicyQdepth: 1000 Qdepth: 0 Done
The priority queue to which the request is assigned. When a protected web server or application is heavily loaded and cannot accept additional requests, specifies the order in which waiting requests are to be fulfilled when resources are available. The choices are:
If priority is not configured, then the NetScaler appliance assigns the request to the LOWEST priority queue by default.
Configures the NetScaler ADC to take the specified Responder action when the specified threshold is reached. Must be used with one of the following settings:
These values specify HTTP challenge-response methods for validating the authenticity of incoming requests to mitigate an HTTP-DDoS attack.
Header cookie (_DOSQ). Contains client-specific information, so that the NetScaler appliance can verify the response.
Body cookie (_DOSH). Information used to validate the client machine. The client's browser (or the user, in the case of HIC) computes a value for this cookie. The NetScaler appliance compares that value with the expected value to verify the client.
The information that the appliance sends to the client for computing the _DOSH value is based on the DoS Action configuration.
2) HICResponse: in this case, a NetScaler appliance generates two single-digit numbers and generates images for those numbers. Then, using a backpatch framework, the appliance inserts those images as base64 strings.
1. This is not a trivial CAPTCHA implementation, which is why that term not used.