...
To avoid resource exhaustion and limit frauds, you can limit the query rate for each source IP, and then set Dropinterval to one second and Ratealgorithm to "rate limiting," which results in a rate-limiting behavior that allows some traffic to go through before the rest of the traffic is blocked. In this case, the appliance re-evaluates the client behavior every second. If the client traffic exceeds the rate limit, the appliance processes only queries up to the rate limit and drops all excessive queries for the remainder of the second.
For more information about how to configure Ratealgorithm, Packetspersecond and Dropinterval, see the following section, Configuration Examples.
| Note | ||
|---|---|---|
| ||
Starting with NIOS 8.6.x, the default for Ratealgorithm has been changed from "blocking" to "rate limiting." |
- Events per second: The number of events logged per second for the rule. Setting a value to 0 (zero) disables the appliance from logging events for the rule. Most rules have this parameter, and the default value is 1.
- Packet size: DNS packet size. If the DNS packet size exceeds a certain value, the corresponding rule will be triggered.
...