Event Per IP Per Path Prefilter Handler
Purpose
This special handler triggers the Requests Per IP Per Path Per Timeframe Per Application Event Source if within a given period of time there have been more requests from a given IP address range than allowed. As this handler is used on path level, only requests relating to this path are counted.
You need to link an event destination group to the Requests Per IP Per Path Per Timeframe Per Application Event Source in order to actually trigger an alert.
For more information regarding adding and editing Handlers, see Editing Handlers.
Severity
Events triggered by this handler are given the severity: medium. (For details on severity levels, see Severity of Events Triggered by Handlers).
Recommendations for use
Only add this handler if you want to use the Requests Per IP Per Path Per Timeframe Per Application Event Source.
Attributes
| Attribute | Meaning |
|---|---|
|
timeframe |
Period of time that vWAF looks at. vWAF can continuously analyze the most recent 1, 5, 30 or 60 minutes. |
|
limit |
Number of requests on the path and ip4 range plus ip6 range within the given timeframe that are needed to trigger the event. |
|
ip4 range |
Determines the size of the IPv4 address range that vWAF looks at.
|
|
ip6 range |
Determines the size of the IPv6 address range that vWAF looks at.
|
|
usertext |
currently not used |
|
enable logging |
currently not used |
For details regarding entries added to the log file by this handler, see the relevant section in Entries in Application-Specific Log Files.