Denial of Service prevention
Denial of Service using the "Basic DoS prevention" checkbox. The basic setting contains the following restrictions:
- Limits the connections per source IP address to 1/4 of the server's maximum number of connections.
- Enforces minimal data rate (75 to 300 bytes/sec) if the server has less than 1/3 of free/idle connections.
- Disables HTTP keep-alive if 85% of all connections are busy.
- Does not allow a single IP source address to create more than 500 HTTP sessions within 5 minutes.
- Does not allow a single IP source address to cause more the 500 exceptional HTTP response codes (400, 405, 406, 408, 413, 414, 500, 503, 505) within 5 minutes.
You can also disable the default DoSP and configure your own policy by using a "Servlet" resource of the type: ch::nevis::navajo::apglue::httpd_2_2_x::servlet::ApacheServlet
. The servlet has to be assigned to any application of the environment.
Ensure that your setting matches the anonymous timeout settings of your environment.
Use the configuration template "Custom Denial of Service prevention settings" to configure this use case. For more information, see the chapter Custom Denial of Service prevention settings.