hit-rate-threshold
Syntax
Hierarchy Level
Release Information
Statement introduced in Release 10.0 of Junos OS.
Description
Configure the context hit rate threshold at which bot client classification starts for application-level distributed denial-of-service (DDoS) protection. The value is measured as the number of contexts seen in a tick interval (one tick is equal to 60 seconds). A context is an application protocol context such as http-url or dns-cname. When the threshold is reached, the system begins client classification using time-binding, if time-binding parameters are configured.
If time-binding is not configured, the system skips bot client classification and takes the configured policy actions. As a result, the configured policy actions could be applied to valid clients. Use the time-binding configuration (count and period) for bot client classification. However, this feature can be used as an Application Layer screen to deny resource access for all clients when the context hit-rate-threshold is exceeded.
The context hit rate is the number of hits in a tick interval for the same context type (for example, http-url) for a specific application that is protected by application-level DDoS protection.
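
The decision flow described above, modeled as an added Python example; it is not Juniper code or Junos configuration. The reading of time-binding as "count hits from one client within period seconds", the function names, and the sample hits are assumptions constructed for illustration.

```python
from collections import defaultdict

TICK_SECONDS = 60  # one tick, as stated in the description

def is_bot(timestamps, count, period):
    """Assumed time-binding rule: `count` hits from one client within `period` seconds."""
    ts = sorted(timestamps)
    return any(ts[i + count - 1] - ts[i] <= period
               for i in range(len(ts) - count + 1))

def evaluate_tick(hits, threshold, time_binding=None):
    """Decide per client for one tick of one context type (for example http-url).

    hits: list of (seconds_into_tick, client_ip); time_binding: None or (count, period).
    """
    per_client = defaultdict(list)
    for ts, client in hits:
        if 0 <= ts < TICK_SECONDS:          # only hits inside this tick count
            per_client[client].append(ts)
    total = sum(len(v) for v in per_client.values())
    if total < threshold:                    # threshold not reached: nothing happens
        return {c: "allow" for c in per_client}
    if time_binding is None:                 # no classification: everyone gets the action
        return {c: "policy-action" for c in per_client}
    count, period = time_binding             # classify, then act only on bot clients
    return {c: "policy-action" if is_bot(t, count, period) else "allow"
            for c, t in per_client.items()}

# Constructed sample: one noisy client plus three ordinary clients (documentation IPs).
SAMPLE_HITS = [(i * 0.5, "198.51.100.7") for i in range(40)]
SAMPLE_HITS += [(5, "192.0.2.10"), (30, "192.0.2.10"), (12, "192.0.2.11"), (50, "192.0.2.12")]

if __name__ == "__main__":
    for label, tb in (("no time-binding", None), ("time-binding 10 hits / 5 s", (10, 5))):
        print(label, evaluate_tick(SAMPLE_HITS, threshold=30, time_binding=tb))
```

With the same traffic and threshold, the run without time-binding applies the policy action to all four clients, while the run with time-binding applies it only to the noisy client.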
Options
threshold number—Context hit rate threshold from bot client.
- Range:
The remaining statements are explained separately.
Usage Guidelines
For configuration instructions and examples, see the Junos OS Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.