05-07-2008 08:02 AM
I've got a customer who wants to use DI service limits to block access to his webserver when to much 403 are returned. We see the correct policy being hit by the traffic, generate 403 but no bloccking occurs. Did anyone ever use DI for this purpose?
05-08-2008 02:37 AM
Does your configuration contain the following command?
set di service HTTP brute_search <value>
With this command you can configure the maximum number of 301/403/404 or 405 errors per-minute.
Hope this helps,
05-08-2008 03:02 AM
Thanks for taking the time to answer my question.
Unofortunaly: yes the config has set:
set di service HTTP brute_search 2
So after two 403 a block should occur.
05-08-2008 06:46 AM
Which version of ScreenOS are you using?
Can you show me your policy and attack-group configuration?
If you run a "debug flow basic" does the traffic match the policy you expect?