Section – DoS Attack Prevention

Section - DoS Attack Prevention

Specifies the maximum number of requests allowed to access this application from the same source IP address within the given period (in seconds).
The request frequency filter is based on a statistical function that efficiently approximates the real request frequency with a low variance. The variance may be noticeable during testing, but the request frequency filter should give satisfying results for productive scenarios.

When the request threshold is reached, the requests will be blocked with HTTP response status code 503 (instead of 400).

The log message will be accordingly:

WR-SG-BLOCK-160, "Maximum number of allowed requests (...) within ... seconds for this IP (...) reached". attack_type: Denial of service, block_type: DOS Thresholds, constraint: Threshold

Log only

Enables/disables the log-only mode. When ticked, DoS Attack Prevention only creates logs instead of blocks.

Source IP address exception

Reference to an IP list that acts as an allow list. All source IPs matching this list will be excluded from the request limit per IP restriction. This is typically used if you have many users having the same source IP (i.e. proxy).

Request frequency restrictions per IP

Value

Description

Enabled

Icon - Green dot - ON = enabled

Icon - Gray dot - OFF = disabled

Path pattern

A pattern matching the request path. Optionally containing an entry or back-end path variable for static mappings (e.g. ^%ENTRYDIR%/).

For more information and examples, see article Entry path as Directory or Regular expression.

Max requests per interval

Maximum requests that are allowed per IP address.

Interval (seconds)

Interval for measurement of allowed requests per IP address.

The processing order is important because the first matching rule will be applied.