value-hit-rate-threshold

Syntax

context <context-name> {value-hit-rate-threshold number;}

Hierarchy Level

[edit security idp application-ddos name context context-name]

Release Information

Statement introduced in Release 10.0 of Junos OS.

Description

Configure the context value hit-rate threshold, expressed per tick interval. A tick is defined as 60 seconds by default. When the same context value is requested more times than the value-hit-rate-threshold limit for a given context and application-level distributed denial-of-service (DDoS) application, the system starts bot client classification if time-binding parameters are configured. If time-binding parameters are not configured, the configured policy actions are taken.

Note: If time-binding is not configured, the system skips bot client classification and takes the configured policy actions. This could result in the configured policy actions being applied to valid clients. Use the time-binding configuration (count and period) for bot client classification. However, this feature can be used as an Application Layer screen to deny resource access for all clients when the context value-hit-rate-threshold is exceeded.
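The decision flow described above, modelled for one 60-second tick as an added example (not Juniper code and not part of the original page). The time-binding rule used here, a client counting as a bot when it sends `count` requests for the same context value within `period` seconds, is an assumption, as are the function names and the sample clients and values.

```python
from collections import Counter, defaultdict

# Constructed sample: (seconds into the tick, client, context value).
SAMPLE = (
    [(i * 0.5, "10.0.0.66", "www.example.com") for i in range(40)]  # burst
    + [(5, "10.0.0.7", "www.example.com"), (42, "10.0.0.8", "www.example.com")]
    + [(10, "10.0.0.7", "mail.example.com")]
)


def bursts(stamps, count, period):
    """True if `count` of the sorted timestamps fall within `period` seconds."""
    return any(stamps[i + count - 1] - stamps[i] <= period
               for i in range(len(stamps) - count + 1))


def evaluate_tick(requests, value_hit_rate_threshold, time_binding=None):
    """Return {context value: clients the configured policy action hits}.

    time_binding is None or (count, period_seconds). ASSUMPTION: a client is
    classified as a bot when it sends `count` requests for the same context
    value within `period_seconds`; the page only names the two parameters.
    """
    hits = Counter(value for _, _, value in requests)
    actions = {}
    for value, total in hits.items():
        if total <= value_hit_rate_threshold:
            continue  # threshold not exceeded in this tick
        per_client = defaultdict(list)
        for stamp, client, requested in requests:
            if requested == value:
                per_client[client].append(stamp)
        if time_binding is None:
            # No bot classification: every requester of this value is acted on.
            actions[value] = set(per_client)
        else:
            count, period = time_binding
            actions[value] = {client for client, stamps in per_client.items()
                              if bursts(sorted(stamps), count, period)}
    return actions


if __name__ == "__main__":
    print("no time-binding:", evaluate_tick(SAMPLE, 30))
    print("time-binding 10/30s:", evaluate_tick(SAMPLE, 30, (10, 30)))
```

With the same traffic and threshold, the run without time-binding applies the action to the two single-request clients as well as the bursting one, which is the valid-client impact the note describes.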

Options

number—Context value hit-rate threshold.

Range:

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.