DoS / DDoS
Denial of Service (DoS/DDoS) Policy
[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [DOS]
The Denial of Service (DoS/DDoS) policy counts the number of requests per second sent by a client to the web server and responds when the threshold is exceeded. DoS and DDoS can be configured in 1st/2nd/3rd stages, allowing separate thresholds and actions for each stage. The risk level of generated logs is displayed as Stage 1 (Low), Stage 2 (Medium), and Stage 3 (High), and the connection count is based on the number of requests occurring within 1 second.
Operation Principle (Automatic Blocking and Release on a 1-Second Cycle)
DeepFinder's DoS protection measures and controls traffic in 1-second units.
* Example: If the threshold is set to '3 counts'
  * If 3 requests come in between 0.0s and 0.3s, blocking starts immediately upon reaching the threshold.
  * All additional requests coming in between 0.3s and 1.0s (the remaining 0.7s) are blocked.
  * After 1.0s passes, the count is reset, and connections are normally allowed again.
  * This process repeats every second to continuously control excessive traffic.
When settings are changed, the details are recorded in the audit log.

| Item | Description |
|---|---|
| Access Count | Sets the maximum number of connections allowed within 1 second. If this number is exceeded, the policy blocks (or takes the configured action) until the 1-second cycle ends. Connection counts for each stage must be set in the order of 'Stage 1 < Stage 2 < Stage 3', and are automatically sorted based on the input values. (Input up to 999,999 allowed, Default 0) |
| Action | Selects the action to perform upon policy violation (threshold exceeded). • NONE: Does not apply the policy. • ALLOW: Allows the connection and skips the next policy check. • DENY: Blocks the connection and skips the next policy check. • REDIRECT: Blocks the connection and redirects to the specified block page. • DETECT: Records a detection log only and continues to check the next policy without blocking. |
| Log Type | Selects the detail level of the log to record upon detection. (NONE / LOW / FULL) |
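
The 1-second cycle and the staged thresholds described above can be modelled as a per-client fixed-window counter. The following is an added example, not DeepFinder code: the class and function names, the "PASS" label, windows aligned to whole seconds, sorting only the counts, and "the highest exceeded stage decides the action" are assumptions made for illustration.

```python
import math
from collections import defaultdict

RISK = ("Low", "Medium", "High")  # log risk for Stage 1/2/3, as the page states


class StagedDosCounter:
    """Per-client fixed 1-second window counter with three staged thresholds."""

    def __init__(self, counts, actions):
        # The page says counts are auto-sorted so Stage 1 < Stage 2 < Stage 3.
        # Assumption: only the counts are sorted; actions stay with their stage.
        self.stages = list(zip(sorted(counts), actions))
        self.window = {}               # client -> window index currently counted
        self.hits = defaultdict(int)   # client -> requests seen in that window

    def check(self, client, ts):
        """Return (action, risk) for one request arriving at time ts (seconds)."""
        win = math.floor(ts)           # assumption: windows align to whole seconds
        if self.window.get(client) != win:
            self.window[client] = win  # new cycle: the count resets
            self.hits[client] = 0
        self.hits[client] += 1
        verdict = ("PASS", None)       # PASS = no stage exceeded (hypothetical label)
        for (limit, action), risk in zip(self.stages, RISK):
            if self.hits[client] > limit:   # exceeded: highest such stage wins
                verdict = (action, risk)
        return verdict


def replay(counter, events):
    """Run constructed (client, timestamp) events and collect the verdicts."""
    return [(c, t) + counter.check(c, t) for c, t in events]


# Constructed sample traffic: one noisy client, one quiet client.
EVENTS = [("10.0.0.5", t) for t in (0.0, 0.1, 0.3, 0.5, 0.6, 0.7, 0.9, 1.0)]
EVENTS.insert(3, ("10.0.0.9", 0.4))

if __name__ == "__main__":
    c = StagedDosCounter(counts=[3, 5, 6], actions=["DETECT", "DENY", "REDIRECT"])
    for row in replay(c, EVENTS):
        print(row)
```

With thresholds 3/5/6, the noisy client's first three requests pass, the next ones escalate through the stages within the same second, and its request at 1.0s passes again because the count has been reset.
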
Note
DoS (Denial of Service)
'Denial of Service Attack' is a hacking technique that paralyzes a target system by generating a massive number of connections. The goal is not to infiltrate a system to steal data, but to exhaust the system's resources to prevent it from providing normal services. Sending a huge amount of data at once causes an overload, making access impossible for legitimate users or causing fatal damage to system functions.
DDoS (Distributed Denial of Service)
'Distributed Denial of Service Attack' is a method of simultaneously attacking a specific target using multiple computers (such as zombie PCs). Attackers infect multiple computers with malware and then control them to send massive traffic to the target system all at once. Like a DoS attack, it paralyzes services by exhausting network bandwidth or system resources.