Section – DoS Attack Prevention

Specifies the maximum number of requests that are allowed to access this application from the same source IP address within the given period of time (in seconds). Note that the request frequency filter is based on a statistical function that approximates the real request frequency in a very efficient way. Therefore, there exists a small associated variance in the number of requests that are allowed which may be noticed in tests. For productive scenarios, the request frequency filter of Airlock Gateway should give satisfying results.

When the request threshold is reached, the requests will be blocked with HTTP response status code 503 (instead of 400).

The log message will be accordingly:

WR-SG-BLOCK-160, "Maximum number of allowed requests (...) within ... seconds for this IP (...) reached". attack_type: Denial of service, block_type: DOS Thresholds, constraint: Threshold

Limit request frequency

Enables DoS attack prevention feature.

Max requests per interval

Maximum requests allowed per IP address.

Interval (seconds)

Interval for measurement of allowed requests per IP address.

Source IP address allow list

Reference to an IP List that acts as allow list. All source IPs matching this list will be excluded from the session limit per IP restriction. This is typically used if you have many users having the same source IP (i.e. proxy).