28 ServerIron ADX Security Guide
53-1002440-03
HTTP TRL policy commands
<max-conn-value>—specifies the maximum number of connections a client can set up.
Example
ServerIronADX(config-http-trl-p1)# client-name c1 max-conn 10
NOTE
You must set the client HTTP max-conn configuration before you configure the client exceed-action.
NOTE
Max-conn currently supports only HTTP/1.0.
Client-name <client-name> exceed-action
Use the client-name <client-name> exceed-action option in the http-trl-policy configuration mode to
set the action to take if a client exceeds the configured rate limit.
Syntax: [no] client-name <client-name> exceed-action [reset | drop]
[reset | drop] specifies that the client request be reset or dropped if the client exceeds the limit.
Example
ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action reset
Syntax: [no] client-name <client-name> exceed-action redirect <domain> <url> [port]
<domain> and <url>—specify the new URL to which the client request is redirected if the limit is exceeded.
NOTE
Use an asterisk (*) to keep the same domain or URL. This does not apply if the client is using HTTP 1.0.
ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action redirect * /new
exceed.html http
NOTE
The same domain is used in the incoming packet.
The optional [port] specifies the new TCP port number for the redirected URL.
ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action redirect www.yahoo.com exceed.html http
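The following check is an added example, not part of the original guide or of any vendor tooling: a small Python linter that reads client-name commands and flags an exceed-action configured before the client's max-conn, as well as exceed-action lines that do not match the syntax above. The function name, the sample lines, the domain www.example.com and the treatment of a negated max-conn are assumptions made for illustration.

```python
import re

# Prompt as printed in the guide's examples; stripped before parsing.
PROMPT = re.compile(r"^ServerIronADX\(config-http-trl-[^)]+\)#\s*")

def lint_trl_policy(lines):
    """Return (line_no, message) findings for client-name commands."""
    findings = []
    has_max_conn = set()  # clients with max-conn configured so far
    for no, raw in enumerate(lines, 1):
        tok = PROMPT.sub("", raw.strip()).split()
        negated = bool(tok) and tok[0] == "no"
        if negated:
            tok = tok[1:]
        if len(tok) < 3 or tok[0] != "client-name":
            continue  # not a client-name command; out of scope here
        client, option, args = tok[1], tok[2], tok[3:]
        if option == "max-conn":
            if negated:
                # Assumption: removing max-conn makes the prerequisite unmet again.
                has_max_conn.discard(client)
            elif len(args) == 1 and args[0].isdigit():
                has_max_conn.add(client)
            else:
                findings.append((no, "max-conn needs one numeric value"))
        elif option == "exceed-action" and not negated:
            if client not in has_max_conn:
                findings.append((no, f"{client}: exceed-action configured before max-conn"))
            if args[:1] in (["reset"], ["drop"]) and len(args) == 1:
                continue
            if args[:1] == ["redirect"]:
                if len(args) not in (3, 4):  # redirect <domain> <url> [port]
                    findings.append((no, "redirect needs <domain> <url> [port]"))
                continue
            findings.append((no, "expected reset, drop, or redirect <domain> <url> [port]"))
    return findings

# Constructed sample input (not taken from a real device).
SAMPLE = [
    "ServerIronADX(config-http-trl-p1)# client-name c1 max-conn 10",
    "ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action reset",
    "ServerIronADX(config-http-trl-p1)# client-name c2 exceed-action drop",
    "ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action redirect * exceed.html http",
    "ServerIronADX(config-http-trl-p1)# client-name c1 exceed-action redirect www.example.com",
]

if __name__ == "__main__":
    for no, msg in lint_trl_policy(SAMPLE):
        print(f"line {no}: {msg}")
```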
Default monitor-interval
Use the default monitor-interval option in the http-trl-policy configuration mode to set default rate
limiting parameters.
Syntax: [no] default monitor-interval <interval-value> <warning-rate> <shutdown-rate> <holddown-interval>
<interval-value>—specifies the monitoring window in units of 100 ms.
<warning-rate>—specifies the HTTP connection rate (per second) that causes a warning if exceeded.
<shutdown-rate>—specifies the HTTP connection rate (per second) that causes a client to be held down.