ScreenOS Firewalls (NOT SRX)
Screenie

DI service limits

Hi,

I've got a customer who wants to use DI service limits to block access to his webserver when too many 403s are returned. We see the correct policy being hit by the traffic and 403s being generated, but no blocking occurs. Did anyone ever use DI for this purpose?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Nadia

Re: DI service limits

Hi Screenie,

Does your configuration contain the following command?

set di service HTTP brute_search <value>

With this command you can configure the maximum number of 301/403/404 or 405 errors per minute.

Hope this helps,

Nadia

Screenie

Re: DI service limits

Hi,

Thanks for taking the time to answer my question.

Unfortunately, yes, the config has this set:

set di service HTTP brute_search 2

So after two 403s a block should occur.

Thanks,

best regards,

Screenie.
Nadia

Re: DI service limits

Hi there,

Which version of ScreenOS are you using?

Can you show me your policy and attack-group configuration?

If you run a "debug flow basic", does the traffic match the policy you expect?

Thanks,

Nadia
