POST ATTACK POLICY
POST Attack Policy Settings
[POLICY] > (Select Domain Group) > [SET POLICY] > URL POLICY > (Select URL) > [POST ATTACK]
This policy is designed to defend against Slow POST DoS (e.g., RUDY) attacks.
It blocks attacks where an attacker sets a large Content-Length in the HTTP Header and transmits the actual data (Body) at a very slow rate to occupy the web server's connection session for a long time.
DeepFinder calculates the data transmission speed in real-time and blocks the connection if the transmission rate falls below the configured limit, considering it an attack.
How to Configure: 1. Select the URL (parameter, etc.) to protect from the 'Policy URL List' on the left. 2. Select [POST ATTACK] from the tab menu on the top right. 3. Configure the speed limit and action, then click [SAVE].
| Item | Description |
|---|---|
| Speed Limit (byte/sec) | Enter the data transmission speed per second (Bytes/sec) that serves as the criteria for considering it an attack. (Detected as an attack if data is transmitted slower than the entered speed) |
| ACTION | Select the action to take upon policy violation (Slow POST attack detection). • NONE: Does not apply the policy. • ALLOW: Allows access and skips the next policy inspection. • DENY: Blocks the session immediately. • REDIRECT: Blocks access and redirects to a specified page. • DETECT: Records a detection log only and continues to inspect the next policy without blocking. |
| LOG TYPE | Select the detail level of the log to be recorded upon detection. (NONE / LOW / FULL) |
Info
After changing settings, you must click the [SAVE] button on the top right for the policy to be applied to the system.