How To Protect a Web Server from a DoS Attack
46629
Created On 09/25/18 17:51 PM - Last Modified 06/13/23 05:16 AM
Resolution
Details
It is possible to configure a Denial-of-Service (DoS) protection policy for a server. In the example below, users from the Internet are accessing the server, 1.1.1.10, which is NATed to 192.168.1.10. The DoS policy will be configured to protect the server with a maximum of 20000 sessions and 1000 connections per source IP.
Configure protection for the server (Type aggregate), or use the Zone protection profile.
- Objects > DoS Protection > Add profile
- Profile Name = "Session Limit Server" for the example
- Type Aggregate,
- Select Syn Flood
Resources Protection Select Sessions
- Max Concurrent Limit is set to 20000
Configure protection from a single IP to server (Type Classified). No Flood protection is needed.
- Objects > DoS Protection> Add profile
- Name "SessionLimit SingleIP" for the example
- Resources Protection
- Select Sessions
- Max concurrent Limit = 1000
Configure the DoS Policy for the server.
- Policies > DoS Protection > Add DoS Rule
- General tab
- Name = DoS Server for the example
- Source tab
- Zone = Untrust
- Source Address = Any
- Source User = any
Destination tab
- Type = Zone
- Zone= Untrust
- Destination IP = Server 1.1.1.10
Option/Protection tab
- Action = Protect
- Aggregate select "SessionLimit Server" profile from drop down menu
- Select Classified and "SessionLimit SingleIP" profile from the drop down menu
owner: wtam