Product Documentation

Binding an HTTP DoS Monitor and Policy

Sep 03, 2013
To put HTTP DoS protection into effect after you have configured an HTTP DoS service, you must bind the monitor, and then bind the service to the HTTP DoS policy.

To bind the monitor to the service by using the command line interface

At the command prompt, type the following commands to bind the monitor to the service and verify the configuration:
  • bind lb monitor <monitorName> <serviceName>
  • show lb monitor

Example

> bind lb monitor tcp ser-HTTP-DoS 
 Done 
> show lb monitor 
1)   Name.......:   ping-default  Type......:      PING   State....ENABLED 
2)   Name.......:    tcp-default  Type......:       TCP   State....ENABLED 
3)   Name.......:           ping  Type......:      PING   State....ENABLED 
4)   Name.......:            tcp  Type......:       TCP   State....ENABLED 
5)   Name.......:           http  Type......:      HTTP   State....ENABLED 
 . 
 . 
 . 
17)   Name.......:       ldns-dns  Type......:  LDNS-DNS   State....ENABLED 
 Done

To bind the policy to the service by using the command line interface

At the command prompt, type the following commands to bind the policy to the service and verify the configuration:

bind service <serviceName> -policyName <policyname>

Example

 
> bind service ser-HTTP-DoS -policyName pol-HTTP-DoS 
 Done 
> show service 
1)      srv-http-10 (10.102.29.30:80) - HTTP 
        State: DOWN 
        Last state change was at Wed Jul  8 07:49:52 2009 
        Time since last state change: 34 days, 01:24:58.510 
        Server Name: 10.102.29.30 
        Server ID : 0   Monitor Threshold : 0 
        Max Conn: 0     Max Req: 0      Max Bandwidth: 0 kbits 
        Use Source IP: NO 
        Client Keepalive(CKA): NO 
        Access Down Service: NO 
        TCP Buffering(TCPB): NO 
        HTTP Compression(CMP): NO 
        Idle timeout: Client: 180 sec   Server: 360 sec 
        Client IP: DISABLED 
        Cacheable: NO 
        SC: OFF 
        SP: ON 
        Down state flush: ENABLED 
        . 
        . 
        . 
4)      ser-HTTP-Dos (10.102.29.18:88) - HTTP 
        State: DOWN 
        Last state change was at Tue Aug 11 08:19:45 2009 
        Time since last state change: 0 days, 00:55:05.40 
        Server Name: 10.102.29.18 
        Server ID : 0   Monitor Threshold : 0 
        Max Conn: 0     Max Req: 0      Max Bandwidth: 0 kbits 
        Use Source IP: NO 
        Client Keepalive(CKA): NO 
        Access Down Service: NO 
        TCP Buffering(TCPB): NO 
        HTTP Compression(CMP): YES 
        Idle timeout: Client: 180 sec   Server: 360 sec 
        Client IP: DISABLED 
        Cacheable: NO 
        SC: OFF 
        SP: ON 
        Down state flush: ENABLED 
5)      ser-HTTP-Dos1 (10.102.29.40:87) - HTTP 
        State: DOWN 
        Last state change was at Tue Aug 11 08:23:40 2009 
        Time since last state change: 0 days, 00:51:10.110 
        Server Name: 10.102.29.40 
        Server ID : 0   Monitor Threshold : 0 
        Max Conn: 0     Max Req: 20     Max Bandwidth: 0 kbits 
        Use Source IP: NO 
        Client Keepalive(CKA): NO 
        Access Down Service: NO 
        TCP Buffering(TCPB): NO 
        HTTP Compression(CMP): YES 
        Idle timeout: Client: 180 sec   Server: 360 sec 
        Client IP: DISABLED 
        Cacheable: NO 
        SC: OFF 
        SP: OFF 
        Down state flush: ENABLED 
 Done 
>

To bind the monitor and policy to the service by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Services.
  2. In the details pane, select the service that you want to bind, and then click Open.
  3. In the Configure Service dialog box, select the Monitor tab, click the name of the monitor you want in the Monitors list, and then click Add. The selected monitor is added to the Configured frame.
  4. Select the Policies tab, then select the HTTP DoS tab.
  5. Select a policy from the Available Policies list, and then click Add. The policy appears in the Configured Policies list.
  6. Click OK, and then click Close. A message appears in the status bar, stating that the service has been configured.