blacklist packet-rate
Function
The blacklist packet-rate command configures the upper limit of the rate at which a user uses HTTPS to access an address.
The undo blacklist packet-rate command restores the default configuration.
By default, the upper limit of the rate at which a user uses HTTPS to access an address is 40 per minute.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
In web authentication scenarios, before user authentication succeeds, the device redirects HTTPS requests from clients to the web server. If a user maliciously and frequently accesses an address, HTTPS redirection will be triggered constantly, occupying device resources. You can run the blacklist packet-rate command to allow the device to add a destination address to the HTTPS redirection blacklist so that the user cannot perform HTTPS redirection after the rate at which the user uses HTTPS to access the destination address exceeds the upper limit.
Prerequisites
The function to insert JavaScript scripts during web redirection has been enabled using the js enable command.
Precautions
In VS mode, this command is supported only by the admin VS.
Example
<HUAWEI> system-view [~HUAWEI] aaa [~HUAWEI-aaa] domain abc [*HUAWEI-aaa-domain-abc] commit [~HUAWEI-aaa-domain-abc] web-server mode post [*HUAWEI-aaa-domain-abc] quit [*HUAWEI-aaa] quit [*HUAWEI] access https-redirect [*HUAWEI-access-https-redirect] js enable [*HUAWEI-access-https-redirect] blacklist packet-rate 30