dos-policy¶

The following operations can be performed on "dos-policy":

unset dos policy¶

Use this command to remove dos policy settings.Refer to the set dos policy command for meanings of the arguments.NOTE: This command is deprecated.

Synopsis¶

stat dos policy¶

Displays statistics of the DoS protection policy. NOTE: This command is deprecated.HTTP DOS protection feature has been deprecated in favour of AppQoE

Synopsis¶

Arguments¶

name The name of the DoS protection policy whose statistics must be displayed. If a name is not provided, statistics of all the DoS protection policies are displayed.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output¶

count devno stateflag

Counters¶

Client detect rate (ClDtRate) Current ratio of JavaScript send rate to the server response rate (Client detect rate)

Physical service IP (SvcIP) IP address of the service to which this policy is bound.

Physical service port (SvcPort) Port address of the service to which this policy is bound.

Current server queue size (CurQSize) Current queue size of the server to which this policy is bound.

DOS transactions (DosTrans) Total number of DoS JavaScript transactions performed for this policy.

Client detect rate mismatch (JsRefusd) Number of times the DoS JavaScript was not sent because the set JavaScript rate was not met for this policy.

Valid clients (TotValCl) Total number of valid DoS cookies received for this policy.

DOS JavaScript bytes served (JsBytSnt) Total number of DoS JavaScript bytes sent for this policy.

Non GET, POST requests Number of non-GET and non-POST requests for which DOS JavaScript was sent.

DOS JavaScript send rate (JSRate) Current rate at which JavaScript is being sent in response to client requests.

Server response rate (RespRate) Current rate at which the server to which this policy is bound is responding.

set dos policy¶

Modifies the attributes of a DoS protection policy. NOTE: This command is deprecated.

Synopsis¶

Arguments¶

name Name of the DoS protection policy to be modified.

qDepth Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound. Minimum value: 21

cltDetectRate Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied. Minimum value: 1 Maximum value: 100

Example¶

set dos policy dospol -qdepth 1000

add dos policy¶

Adds a DoS protection policy to the appliance. Note: To apply DoS protection to a service, bind the DoS policy to the service by using the bind service command. NOTE: This command is deprecated.HTTP DOS protection feature has been deprecated in favour of AppQoE

Synopsis¶

Arguments¶

name Name for the HTTP DoS protection policy. Must begin with a letter, number, or the underscore character (_). Other characters allowed, after the first character, are the hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), and colon (:) characters.

qDepth Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound. Minimum value: 21

cltDetectRate Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied. Minimum value: 0 Maximum value: 100

Example¶

add dos policy dospol -qdepth 100 -cltDetectRate 90

rm dos policy¶

Removes a DoS protection policy from the appliance. NOTE: This command is deprecated.HTTP DOS protection feature has been deprecated in favour of AppQoE

Synopsis¶

Arguments¶

name Name of the DoS protection policy to be removed.

Example¶

rm dos policy dospol

show dos policy¶

Displays information about a DoS protection policy. NOTE: This command is deprecated.HTTP DOS protection feature has been deprecated in favour of AppQoE

Synopsis¶

Arguments¶

name Name of the DoS protection policy about which to display information. If a name is not provided, information about all DoS protection policies is shown.

Output¶

qDepth Queue depth. The queue size (the number of outstanding service requests on the system) before DoS protection is activated on the service to which the DoS protection policy is bound.

cltDetectRate Client detect rate. Integer representing the percentage of traffic to which the HTTP DoS policy is to be applied after the queue depth condition is satisfied.

devno count stateflag

Example¶

show dos policy 1 configured DoS policy: 1) Policy: dospol QDepth: 100 ClientDetectRate: 90 Done