Advanced Behavioral DDoS

Updated by Rama Sadhu

IP Based System Defined Behavioral DDoS Policy 

A set of predefined rules and procedures that mitigate and respond to DDoS attacks. This policy is designed to protect the web application from being overwhelmed by malicious traffic, ensuring that the web application remains available at all times.

Policy name & Severity 

The policy name starts with the web application name, followed by "IP rate limiting policy".

Example: check.yesbank.info ip rate limiting policy 

By default, policy Severity is selected as Critical. 

Users cannot edit this field.
Step 1 

For all requests where 

System defined policies cannot be edited by users. These fields are disabled automatically. 

Step 2

No. of requests with cookie/IP

The count of requests made by a specific IP address that include a valid cookie over a specific period of time.

Note: Whether the requests come from the same IP or from different IPs, any IP that exceeds the rate limit is automatically blocked for the selected block duration (TTL).

No. of requests without cookie/IP

The count of requests made by a specific IP address without a valid cookie.

No. of cookies/IP

The number of cookies allowed per IP, irrespective of the request count.

Set the rate limit by entering a numeric value or percentage value.

Step 3 

Log: An email will be sent to the customer when the policy is breached. No further action will be taken even if requests continue to be received from the same IP.

Log & Block: An email will be sent to the customer when the policy is breached. Further requests are blocked for the selected block duration.

Block Duration: By default, a 2 min block duration is set for all customers. Use the up and down arrows to increase or decrease the block duration.

Also Inform: Customers can get the executive action details to their mailbox by providing a valid email address.
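The following Python sketch is an added illustration of how the three Step 2 counters and the Step 3 actions interact; it is not the product's implementation. The class and function names, the 60-second counting window, the numeric thresholds and the sample records are all assumptions made for the example (the page only says "a specific period of time"); the 2 min block duration is the default stated above.

```python
from collections import defaultdict, deque

WINDOW = 60       # assumed counting window in seconds (the page does not state one)
BLOCK_TTL = 120   # default block duration from the page: 2 min

class IpPolicy:
    """Hypothetical per-IP evaluator for the three Step 2 counters."""
    def __init__(self, max_with_cookie, max_without_cookie, max_cookies,
                 action="log_and_block"):
        self.limits = {"with_cookie": max_with_cookie,
                       "without_cookie": max_without_cookie,
                       "cookies": max_cookies}
        self.action = action                # "log" or "log_and_block"
        self.events = defaultdict(deque)    # ip -> (timestamp, cookie or None)
        self.blocked_until = {}             # ip -> time the block expires

    def counters(self, ip, now):
        q = self.events[ip]
        while q and q[0][0] <= now - WINDOW:   # drop requests outside the window
            q.popleft()
        cookies = [c for _, c in q if c is not None]
        return {"with_cookie": len(cookies),
                "without_cookie": len(q) - len(cookies),
                "cookies": len(set(cookies))}   # distinct cookies seen from this IP

    def handle(self, ip, now, cookie=None):
        """Return 'blocked', 'breach' (this request exceeded a limit) or 'allowed'."""
        if self.blocked_until.get(ip, 0) > now:
            return "blocked"
        self.events[ip].append((now, cookie))
        counts = self.counters(ip, now)
        if any(counts[k] > self.limits[k] for k in self.limits):
            if self.action == "log_and_block":
                self.blocked_until[ip] = now + BLOCK_TTL
            return "breach"   # the point at which an alert email would be sent
        return "allowed"

def replay(policy, requests):
    """Run constructed (ip, timestamp, cookie) records through the policy."""
    return [policy.handle(ip, ts, cookie) for ip, ts, cookie in requests]

# Constructed sample: one client (documentation address) rotating cookies,
# then returning after the block duration has elapsed.
SAMPLE = [("198.51.100.7", t, f"sess-{t}") for t in range(4)] + \
         [("198.51.100.7", 10, "sess-0"), ("198.51.100.7", 130, "sess-0")]
```

With a cookies/IP limit of 3, the fourth distinct cookie breaches the policy even though the request counts are far below their own limits, which is the case the cookies/IP counter exists to catch.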

Display Chart for IP Based System Defined Policy 

The chart displays the number of requests with cookie/IP, without cookie/IP, and number of cookies/IP. 

P99 is the maximum number of requests received. 

All requests received in the Last 24 hours and Last 7 days are displayed.

Alert Line 

The alert line refers to a predefined threshold that helps to respond promptly to the policies. 

A check box is given to enable or disable the alert line. 

Host Based System Defined Behavioral DDoS Policy 

Host-based policies are enhanced to work with thresholds in terms of req./IP/min or max. unique IPs/min. However, host-based policies will continue to only trigger an email alert to the users and not actually block requests.

Policy Name & Severity 

The policy name starts with the web application name, followed by "App rate limiting policy".

Example: check.yesbank.info App rate limiting policy 

By default, policy Severity is set as LOW.

Step 1 

This field cannot be edited by the user. 

Step 2

No. of Requests/min 

When the number of requests exceeds the defined threshold, the policy kicks in.

No. of IPs/min 

When the number of IPs exceeds the defined threshold, the policy kicks in.

Set the rate limit by entering a numeric value or percentage value. 

Step 3 

Once the rate limit is set successfully, details will be sent to the customer-provided mail ID.

Display Chart for Host Based System Defined Policy 

The chart displays the total number of requests and total number of IPs. 

P99 is the maximum number of requests received. 

All requests received in the Last 24 hours and Last 7 days are displayed.

Alert Line 

The alert line refers to a predefined threshold that helps to respond promptly to the policies. 

A check box is given to enable or disable the alert line. 

 

IP-based user-defined policies and host-based user-defined policies follow the same workflow.