Skip to content

Commit 6ae4473

Browse files
committed
DEF-35723: update enhanced dos docs with action configuration
Signed-off-by: Miroslav Kovac <mkovac@cloudlinux.com>
1 parent c8ceff7 commit 6ae4473

1 file changed

Lines changed: 12 additions & 1 deletion

File tree

docs/dashboard/README.md

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1226,7 +1226,7 @@ Click <span class="notranslate">_Save changes_</span> button on the bottom of th
12261226

12271227
The Enhanced DOS Protection feature forms an additional layer of protection, increasing the stability of servers facing DOS attacks. It takes a different approach than our existing [DOS Protection feature](/dashboard/#dos-protection), which focuses on monitoring the number of simultaneous connections. Enhanced DOS Protection, on the other hand, monitors the rate of requests originating from attacker IP addresses per unit of time.
12281228

1229-
The new feature works better against attacks based on short-living connections and against attacks where the number of requests grows fast (hundreds of requests per second). As Enhanced DOS Protection monitors the number of requests in real-time, it reacts to the threats almost instantly, greylisting the detected IPs and redirecting their requests to the Anti-Bot challenge.
1229+
The new feature works better against attacks based on short-living connections and against attacks where the number of requests grows fast (hundreds of requests per second). As Enhanced DOS Protection monitors the number of requests in real-time, it reacts to the threats almost instantly, greylisting the detected IPs and redirecting their requests to the Anti-Bot challenge. However, it can also be configured to blacklist the IP immediately, completely dropping all further packets.
12301230

12311231
Standard DoS protection, in turn, will block attacks that use long-lived connections (e.g. Slowloris attacks), so these functions complement each other perfectly.
12321232

@@ -1244,6 +1244,17 @@ The feature is switched off by default. You can activate Enhanced DOS Protection
12441244
imunify360-agent config update '{"ENHANCED_DOS":{"enabled":true}}'
12451245
```
12461246

1247+
<h4>Configure the Protective Action</h4>
1248+
1249+
You can define the action taken against an attacking IP. The default action is graylist.
1250+
```
1251+
imunify360-agent config update '{"ENHANCED_DOS":{"action":"blacklist"}}'
1252+
```
1253+
* `"graylist"` (Default): The attacker's IP is added to the Graylist. Their requests are redirected to a splashscreen challenge, and they can regain access by solving it.
1254+
* `"blacklist"`: The attacker's IP is added to the Blacklist, completely blocking them from accessing the server. They will not be presented with a challenge.
1255+
1256+
<h4>Adjust Thresholds and Timeframe</h4>
1257+
12471258
The default timeframe (seconds) and threshold of request (number) could be changed by the following CLI commands:
12481259

12491260
```

0 commit comments

Comments
 (0)