Settings | Guidelines |
Proxy IP threshold factor | Specify a multiplier when the source IP address is identified as a proxy IP address. For example, if you specify 32, and the Most Active Source threshold is 1000, then the Most Active Source threshold applied to proxy IP addresses is 32 * 1000 or 32,000. The default is 128. The maximum is 32,768. |
Proxy IP list status | Displays the date and time when the list was last updated. |
Detect proxy IP by number of connections | |
Concurrent connections per source | Every 5 minutes, the system records the IP addresses of sources with more than this number of concurrent connections to test whether those sources might be using a proxy IP address. The default is 100 concurrent connections. |
Percent present | Threshold that determines whether the source IP address is regarded as a proxy IP address. For example, the default is 30. After the observation period, the IPs whose numbers of concurrent connections have been 30% of the time above 100 are identified as proxy IPs. |
Observation period | • Past Week—Uses data from the past week to determine whether a source IP address is a proxy IP address. • Past Month—Uses data from the past month. |
Generate proxy IP list | Select to generate the list of detected proxy IP addresses. This list is useful for identifying IP addresses that the system has treated as a proxy but are actually attackers. You can add these kinds of IP addresses to an ACL to block their traffic. |
Detect proxy IP using headers | |
Proxy HTTP header type | Select HTTP headers that indicate a proxy address might be in use: • true-client-IP • x-forwarded-for (selecting this option also enables parsing of x-true-client-ip and x-real-ip headers) Tip: Shift-click to select multiple items. |
To configure with the CLI, use a command sequence similar to the following: config ddos global proxy-ip-setting set auto-proxy-ip-status {enable | disable} set proxy-ip-percent-present <integer> set proxy-ip-observation-period {past-week | past-month} set header-proxy-ip-status {enable | disable} set header-proxy-type {true-client-ip X-Forwarded-For} set proxy-ip-threshold-factor <integer> end |