ScreenOS Firewalls (NOT SRX)

DI service limits

Hi,

I've got a customer who wants to use DI service limits to block access to his webserver when too many 403s are returned. We see the correct policy being hit by the traffic and generate 403s, but no blocking occurs. Did anyone ever use DI for this purpose?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: DI service limits

Hi Screenie,

Does your configuration contain the following command?

set di service HTTP brute_search <value>

With this command you can configure the maximum number of 301/403/404 or 405 errors per minute.

Hope this helps,

Nadia
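
An offline cross-check of the per-minute limit described in the reply above, as an added example that is not part of the original thread and is not Juniper code: it counts 301/403/404/405 responses per source in web-server access logs, to confirm whether the test traffic really went over the configured value. The thread does not say how ScreenOS keys or windows its counter, so per-source-IP counting, a sliding 60-second window, the "more than the limit" comparison and the common log format are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Status codes the reply says the brute_search limit counts.
COUNTED = {301, 403, 404, 405}

# Common/combined log format: ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:10:00:01 +0000] "GET /admin HTTP/1.1" 403 199
192.0.2.10 - - [12/Mar/2009:10:00:20 +0000] "GET /private HTTP/1.1" 403 199
198.51.100.7 - - [12/Mar/2009:10:00:25 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2009:10:00:41 +0000] "GET /backup HTTP/1.1" 403 199
198.51.100.7 - - [12/Mar/2009:10:00:50 +0000] "GET /old HTTP/1.1" 404 210
198.51.100.7 - - [12/Mar/2009:10:02:30 +0000] "GET /cgi HTTP/1.1" 403 199
this line is malformed and is skipped
"""

def sources_over_limit(log_text, threshold, window=timedelta(seconds=60)):
    """Map source IP -> first time its counted errors in `window` exceeded threshold.

    Assumes the log is in chronological order, as access logs normally are.
    """
    recent = defaultdict(deque)  # per-source timestamps of counted errors
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: ignore rather than abort
        ip, stamp, status = m.group(1), m.group(2), int(m.group(3))
        if status not in COUNTED:
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop errors older than the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in sources_over_limit(SAMPLE_LOG, threshold=2).items():
        print(f"{ip} exceeded 2 errors/minute at {ts.isoformat()}")
```

If a source is flagged here but the firewall takes no action, the test traffic was sufficient and the remaining questions are on the device side: the policy and attack-group configuration, and the action attached to them.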


Re: DI service limits

Hi,

Thanks for taking the time to answer my question.

Unfortunately, yes, the config has set:

set di service HTTP brute_search 2

So after two 403s a block should occur.

Thanks,

best regards,

Screenie.

Re: DI service limits

Hi there,

Which version of ScreenOS are you using?

Can you show me your policy and attack-group configuration?

If you run a "debug flow basic" does the traffic match the policy you expect?

Thanks,

Nadia