How To Protect a Web Server from a DoS Attack

How To Protect a Web Server from a DoS Attack

41720
Created On 09/25/18 17:51 PM - Last Modified 06/13/23 05:16 AM


Resolution


Details

It is possible to configure a Denial-of-Service (DoS) protection policy for a server. In the example below, users from the Internet are accessing the server, 1.1.1.10, which is NATed to 192.168.1.10. The DoS policy will be configured to protect the server with a maximum of 20000 sessions and 1000 connections per source IP.

Configure protection for the server (Type aggregate), or use the Zone protection profile.

  • Objects > DoS Protection > Add profile
  • Profile Name = "Session Limit Server" for the example
  • Type Aggregate,
  • Select Syn Flood
    dos4.png

Resources Protection Select Sessions

  • Max Concurrent Limit is set to 20000

  dos7.png

Configure protection from a single IP to server (Type Classified). No Flood protection is needed.

  • Objects > DoS Protection> Add profile
  • Name "SessionLimit SingleIP" for the example
  • Resources Protection
  • Select Sessions
  • Max concurrent Limit = 1000

dos8.png

Configure the DoS Policy for the server.

  • Policies > DoS Protection > Add DoS Rule
  • General tab
  • Name = DoS Server for the example

dos12.png

  • Source tab
  • Zone = Untrust
  • Source Address = Any
  • Source User = any

dos10.png

Destination tab

  • Type = Zone
  • Zone= Untrust
  • Destination IP = Server 1.1.1.10

dos11.png

Option/Protection tab

  • Action = Protect
  • Aggregate select "SessionLimit Server" profile from drop down menu
  • Select Classified and "SessionLimit SingleIP" profile from the drop down menu

dos9.png

owner: wtam
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClL3CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language