Forum Discussion
Evergrim
Altocumulus
AltocumulusASM DoS Profile blacklist duration
Hi, We had to create a DoS profile for a virtual server at the weekend due to a DoS attack. I have activated three vectors in the profile - Behavioral Anomalous Bad Actors - Stress-based High-Vol...
Hi Evergrim ,
Have a look in the below deployment , it has all info about using behavioral and bad actor vector for HTTP :
https://readthedocs.org/projects/bados-sg-agility-2018/downloads/pdf/latest/
From your Post , I detect that you have an AFM and AWAF license , so that you see a bit difference in GUI from an AWAF only provisioned license.
in your Article you are refering to Network Attack vectors not http ones.
In Network DoS Attack vector , you can easly set the duration of bad actors and it's configurable.
in HTTP Vectors it seems to be not that easy and I think there's no way to set the duration for bad-actors.
Maybe it's 4 hours like the described in the article because Bad-actors is a mitigation technique for L3 and L4 not L7 attacks , so I think it should follow the same criteria like Network bad-actors duration.
I want to say ( even in L7 vectors or Network Vectors >>> It's a security check happens in Layer 3 and 4 only.