ScreenOS Firewalls (NOT SRX)

DI service limits

05-07-2008 08:02 AM

Hi,


I've got a customer who wants to use DI service limits to block access to his webserver when too many 403s are returned. We see the correct policy being hit by the traffic, which generates 403s, but no blocking occurs. Did anyone ever use DI for this purpose?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: DI service limits

05-08-2008 02:37 AM

Hi Screenie,

Does your configuration contain the following command?

set di service HTTP brute_search <value>


With this command you can configure the maximum number of 301/403/404 or 405 errors per-minute.


Hope this helps,

Nadia


Re: DI service limits

05-08-2008 03:02 AM

Hi,


Thanks for taking the time to answer my question.


Unfortunately: yes, the config has set:


set di service HTTP brute_search 2


So after two 403s a block should occur.


Thanks,


best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
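As an added illustration (not ScreenOS code and not part of this thread), the following Python model replays web server log lines through a per-minute error-response counter of the kind Nadia's reply describes for `set di service HTTP brute_search <value>`, using Screenie's value of 2. The counted status codes (301/403/404/405) are taken from the reply above; everything else is an assumption: that the firewall counts per client source address, that the one-minute window is sliding, and that the limit trips once the count reaches the configured value. The log lines are constructed, not captured traffic.

```python
"""
Model of a per-minute HTTP error-response limit in the style of ScreenOS DI's
'set di service HTTP brute_search <value>'.

Assumptions (this is an illustration, not ScreenOS's implementation):
  - error responses are counted per client source address
  - the one-minute window is sliding
  - the limit trips once the count reaches the configured value
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Status codes the forum reply says brute_search counts.
BRUTE_SEARCH_STATUSES = {301, 403, 404, 405}
WINDOW = timedelta(seconds=60)

# Constructed sample log lines (Apache common-log style), not a real capture.
SAMPLE_LOG = """\
10.0.0.5 - - [07/May/2008:08:00:01 +0000] "GET /admin HTTP/1.1" 403 199
10.0.0.5 - - [07/May/2008:08:00:02 +0000] "GET /admin/ HTTP/1.1" 403 199
10.0.0.5 - - [07/May/2008:08:00:03 +0000] "GET /secret HTTP/1.1" 403 199
10.0.0.9 - - [07/May/2008:08:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [07/May/2008:08:00:05 +0000] "GET /missing HTTP/1.1" 404 162
10.0.0.9 - - [07/May/2008:08:02:10 +0000] "GET /missing2 HTTP/1.1" 404 162
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (timestamp, source, status) or None for an unparsable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("src"), int(m.group("status"))


class BruteSearchLimiter:
    """Sliding-window counter of DI-style error responses per source."""

    def __init__(self, limit):
        self.limit = limit
        self.events = defaultdict(deque)  # src -> timestamps of counted errors
        self.tripped_at = {}              # src -> time the limit first tripped

    def observe(self, ts, src, status):
        """Feed one response; return True if src is currently over the limit."""
        if status not in BRUTE_SEARCH_STATUSES:
            return src in self.tripped_at
        q = self.events[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:  # drop events older than one minute
            q.popleft()
        if len(q) >= self.limit and src not in self.tripped_at:
            self.tripped_at[src] = ts
        return src in self.tripped_at


def run_limiter(log_text, limit):
    """Replay a log through the limiter; return {src: ISO time the limit tripped}."""
    lim = BruteSearchLimiter(limit)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            lim.observe(*parsed)
    return {src: ts.isoformat() for src, ts in lim.tripped_at.items()}


if __name__ == "__main__":
    for src, when in run_limiter(SAMPLE_LOG, 2).items():
        print(f"{src} exceeded brute_search limit at {when}")
```

With the limit at 2, the replay trips for 10.0.0.5 on its second 403, while 10.0.0.9's two 404s fall more than a minute apart and never trip. Running a similar count over the customer's actual access log is a quick way to confirm that the expected number of errors really occurs inside one minute from one source before concluding that the firewall-side limit is broken.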

Re: DI service limits

05-08-2008 06:46 AM

Hi there,

Which version of ScreenOS are you using?

Can you show me your policy and attack-group configuration?

If you run a "debug flow basic" does the traffic match the policy you expect?


Thanks,

Nadia