{{tag>Services "Service 8" "DDOS Protection"}}
====== Protection Parameters Configuration ======
{{indexmenu_n>2}}

<note tip>The service can be configured via the GUI. [[dpi:dpi_components:dpiui:user_guide:ssg_control_section:services#ddos_protection|Guide]]</note>

Activation of this type of protection triggers when one of the thresholds set in the configuration file ///etc/dpi/fastdpi.conf// is exceeded:
<code>
ddos_reqsec_threshold=300
ddos_reqsec_variation=5
</code>
where ddos_reqsec_threshold is the number of requests per second arriving at the protected site, usually set to the maximum observed under normal site operation.  
ddos_reqsec_variation is the allowed deviation in percent from the ddos_reqsec_threshold at which the protection is respectively enabled or disabled; it is set to avoid "flapping" and defaults to 5%.

<code>
ddos_pktsec_threshold=5000
ddos_pktsec_variation=5
</code>
where ddos_pktsec_threshold is the number of packets per second arriving at the protected site, usually set to the maximum observed under normal site operation.  
ddos_pktsec_variation is the allowed deviation in percent from the ddos_pktsec_threshold at which the protection is respectively enabled or disabled; it is set to avoid "flapping" and defaults to 5%.

If both parameters are set, ddos_reqsec_threshold takes priority and ddos_pktsec_threshold is ignored.

The CAPTCHA page used for verification is specified with:
<code>
ddos_check_server=www.server_name.ru/path/page.html?
ddos_security_key=123567890
</code>
where ddos_security_key is the encryption key used to generate tokens indicating to the DPI that the verification was successfully passed.

Logging of protection events can be enabled with:
<code>
ddos_trace=1
</code>

A whitelist of trusted IP addresses can be pre-collected by analyzing the protected site's web server logs (script written manually or by support team) or from a log generated by the DPI itself.

The resulting list is loaded into the DPI with:
<code>
fdpi_ctrl load --service 8 --file ip_list.txt
</code>
where ip_list.txt contains the list of IPs.  
More information about fdpi_ctrl commands and data persistence can be found in [[dpi:dpi_components:platform:subscriber_management|Subscriber Management]]. In this context, subscribers refer to users of the protected site.