DI service limits

Screenie · ‎01-10-2008

Hi,

I've got a customer who wants to use DI service limits to block access to his webserver when to much 403 are returned. We see the correct policy being hit by the traffic, generate 403 but no bloccking occurs. Did anyone ever use DI for this purpose?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Nadia · ‎11-06-2007

Hi Screenie,

Does your configuration contain the following command?

set di service HTTP brute_search <value>

With this command you can configure the maximum number of 301/403/404 or 405 errors per-minute.

Hope this helps,

Nadia

Screenie · ‎01-10-2008

Hi,

Thanks for taking the time to answer my question.

Unofortunaly: yes the config has set:

set di service HTTP brute_search 2

So after two 403 a block should occur.

Thanks,

best regards

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Nadia · ‎11-06-2007

Hi there,

Which version of ScreenOS are you using?

Can you show me your policy and attack-group configuration?

If you run a "debug flow basic" does the traffic match the policy you expect?

Thanks,

Nadia

DI service limits

Re: DI service limits

Re: DI service limits

Re: DI service limits