R0106-HP MSR Router Series Security Command Reference(V7)
566
Usage guidelines
Enable HTTP client verification on the interface that connects to the external network. This function
protects internal HTTP servers against HTTP flood attacks.
To configure the HTTP client verification to collaborate with HTTP flood attack prevention, specify
client-verify as the HTTP flood attack prevention action. In collaboration, upon detecting an HTTP flood
attack, the device adds the victim IP addresses to the protected IP list and verifies the suspected sources.
You can use the display client-verify http protected ip command to display the protected IP list for HTTP
client verification.
Examples
# Enable HTTP client verification on interface GigabitEthernet 2/1/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1] client-verify http enable
Related commands
• client-verify http protected ip
• display client-verify http protected ip
client-verify protected ip
Use client-verify protected ip to specify an IPv4 address to be protected by the client verification function.
Use undo client-verify protected ip to remove an IPv4 address protected by the client verification
function.
Syntax
client-verify { dns | http | tcp } protected ip destination-ip-address [ vpn-instance vpn-instance-name ]
[ port port-number ]
undo client-verify { dns | http | tcp } protected ip destination-ip-address [ vpn-instance
vpn-instance-name ] [ port port-number ]
Default
The client verification function does not protect any IPv4 addresses.
Views
System view
Predefined user roles
network-admin
Parameters
dns: Specifies the DNS client verification function.
http: Specifies the HTTP client verification function.
tcp: Specifies the TCP client verification function.
destination-ip-address: Specifies the IPv4 address to be protected. All connection requests destined for
this address are verified by the client verification function.