chasten redirect-packet(slot)

Function

The chasten redirect-packet(slot) command restricts the number of HTTPS redirection packets that can be sent as a reply on the board in a specified slot.

The undo chasten redirect-packet(slot) command cancels the restriction on the number of HTTPS redirection packets that can be sent as a reply on the board in a specified slot.

By default, the global configuration is used. If no global configuration is available, the number of sent HTTPS redirection packets is 300, the period for sending HTTPS redirection packets is 30 seconds, the period in which an HTTPS connection request is blocked is 30 seconds, and one TCP SYN packet is processed per second in the block state.

This command is supported only on the NetEngine 8000 F1A.

Format

chasten redirect-packet send-number send-period blocking-period blocking-rate slot slotid

undo chasten redirect-packet send-number send-period blocking-period blocking-rate slot slotid

Parameters

| Parameter | Description | Value |
|---|---|---|
| slot slotid | Specifies the slot number. | The value is a string of 1 to 16 case-sensitive characters, spaces not supported. |
| redirect-packet send-number | Specifies the number of response redirection packets. | The value is an integer ranging from 1 to 10000. |
| redirect-packet send-period | Specifies the time for responding to redirection packets. | The value is an integer ranging from 1 to 3600, in seconds. |
| redirect-packet blocking-period | Specifies the block time for HTTPS flow setup. | The value is an integer ranging from 1 to 3600, in seconds. |
| redirect-packet blocking-rate | Specifies the TCP SYN packet processing rate in blocking state. | The value is an integer ranging from 1 to 10, in packets/second. |

Views

HTTPS redirect view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| portal | write |

Usage Guidelines

Usage Scenario

Some users may attack the device by sending HTTPS TCP SYN packets with changing destination IP addresses. To keep such attacks from affecting the HTTPS redirection function for other users, restrict the rate at which HTTPS redirection packets are sent as a reply to each user on the board in a specified slot. Run the chasten redirect-packet(slot) command to configure the length, in seconds, of the freezing period that starts when the number of HTTPS redirection packets the device sends as a reply to a user within a specified period exceeds the preset threshold. Within this freezing period, the device discards the HTTPS TCP SYN packets sent by the user.
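The following Python model is an added illustration, not Huawei code and not the device's implementation. It assumes a fixed counting window per user and whole-second timestamps, and uses the command's four parameters with their fallback defaults to show how a flooding user is throttled while another user on the same board is unaffected.

```python
from dataclasses import dataclass, field

@dataclass
class Chasten:
    """Simplified per-user model; defaults are the page's fallback values."""
    send_number: int = 300     # redirect replies allowed per send_period
    send_period: int = 30      # seconds
    blocking_period: int = 30  # seconds
    blocking_rate: int = 1     # TCP SYNs processed per second while blocked
    users: dict = field(default_factory=dict)

    def __post_init__(self):
        # Value ranges taken from the Parameters table.
        limits = {"send_number": 10000, "send_period": 3600,
                  "blocking_period": 3600, "blocking_rate": 10}
        for name, high in limits.items():
            if not 1 <= getattr(self, name) <= high:
                raise ValueError(f"{name} must be in 1..{high}")

    def on_syn(self, user, t):
        """Handle one HTTPS TCP SYN at integer second t; True if processed."""
        s = self.users.setdefault(
            user, {"start": t, "replies": 0, "until": 0, "sec": -1, "syns": 0})
        if t < s["until"]:                       # blocking state
            if t != s["sec"]:                    # new second: reset SYN budget
                s["sec"], s["syns"] = t, 0
            s["syns"] += 1
            return s["syns"] <= self.blocking_rate
        if t - s["start"] >= self.send_period:   # assumption: fixed window
            s["start"], s["replies"] = t, 0
        s["replies"] += 1                        # one redirect reply sent
        if s["replies"] >= self.send_number:     # threshold reached: block
            s["until"] = t + self.blocking_period
            s["start"], s["replies"] = s["until"], 0
        return True

def simulate(limiter, user, syn_per_sec, duration):
    """Send syn_per_sec SYNs in each of `duration` seconds; count processed."""
    return sum(limiter.on_syn(user, t)
               for t in range(duration) for _ in range(syn_per_sec))

if __name__ == "__main__":
    lim = Chasten()  # constructed traffic, not captured data
    print("flooder:", simulate(lim, "flooder", 100, 60), "of 6000 SYNs processed")
    print("normal :", simulate(lim, "normal", 1, 60), "of 60 SYNs processed")
```

Changing the constructor arguments to the values planned for a slot shows how many SYNs a given flood rate still gets processed before committing the configuration.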

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# On the board in slot 1, configure the device so that when 10000 HTTPS redirection packets are sent as a reply to a user within 3000 seconds, the device processes TCP SYN packets at a rate of 1 per second for the next 3000 seconds.
<HUAWEI> system-view
[~HUAWEI] access https-redirect
[~HUAWEI-access-https-redirect] chasten redirect-packet 10000 3000 3000 1 slot 1
Copyright © Huawei Technologies Co., Ltd.