The DoS or Denial of Service section within the IPDS module permits to configure and set protection rules at System or Farm service level.
IPDS module is not available for the most economic plan. So, if you think this module suits your needs we recommend you to resize your load balancer.
The System rules are preloaded but the Farm rules should be configured by the administrator. This section shows the available lists:
- Name. Rule name identification. Click on it to enter to the editing form.
- Rule. It’s the type of the rule. The different options will be:
- sshbruteforce. Protect the system against the SSH password bruteforce attacks.
- dropicmp. Protect the system against ICMP flooding attacks.
- limitsec: Connection limit per second. Protect the farm service limiting the number of connections per second accessing to the service.
- limitconns: Total connections limit per source IP. Protect the farm service limiting the number of connections per source IP accessing to the service.
- bogustcpflags: Check bogus TCP flags. Protect the farm service with bogus TCP flags packets.
- limitrst: Limit RST request per second. Protect the farm service of RST requests for TCP connections by limiting the RST packets per seconds accepted.
- Type. System for global system rules and Farm for rules to be defined and applied to certain farm services.
- Status. Red for unused rules and Green for applied ones.
- Actions. Allowed actions for the status of the DoS rules:
- Edit. To modify the rule global settings or assign a farm service if needed.
- Start. To activate a system rule.
- Stop. To deactivate a system rule.