Services Service 8 DDOS Protection

Protection Parameters Configuration

The service can be configured via the GUI (see the Guide).

This type of protection is activated when one of the thresholds set in the configuration file /etc/dpi/fastdpi.conf is exceeded:

ddos_reqsec_threshold=300
ddos_reqsec_variation=5

where ddos_reqsec_threshold is the number of requests per second arriving at the protected site, usually set to the maximum observed under normal site operation. ddos_reqsec_variation is the allowed deviation, in percent, from ddos_reqsec_threshold at which the protection is enabled or disabled, respectively; it is set to avoid "flapping" and defaults to 5%.

ddos_pktsec_threshold=5000
ddos_pktsec_variation=5

where ddos_pktsec_threshold is the number of packets per second arriving at the protected site, usually set to the maximum observed under normal site operation. ddos_pktsec_variation is the allowed deviation, in percent, from ddos_pktsec_threshold at which the protection is enabled or disabled, respectively; it is set to avoid "flapping" and defaults to 5%.

If both parameters are set, ddos_reqsec_threshold takes priority and ddos_pktsec_threshold is ignored.

The CAPTCHA page used for verification is specified with:

ddos_check_server=www.server_name.ru/path/page.html?
ddos_security_key=123567890

where ddos_security_key is the encryption key used to generate tokens indicating to the DPI that the verification was successfully passed.

Logging of protection events can be enabled with:

ddos_trace=1

A whitelist of trusted IP addresses can be collected in advance by analyzing the protected site's web server logs (using a script written manually or by the support team) or from a log generated by the DPI itself.

The resulting list is loaded into the DPI with:

fdpi_ctrl load --service 8 --file ip_list.txt

where ip_list.txt contains the list of IPs. More information about fdpi_ctrl commands and data persistence can be found in Subscriber Management. In this context, subscribers refer to users of the protected site.
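One way to write the log-analysis script mentioned above, as an added example (not the vendor's or support team's script). It assumes a combined-format web server access log, one address per line in ip_list.txt, and illustrative trust criteria: an address is kept if it was seen on at least two distinct days and at most 20% of its requests ended in a 4xx/5xx status.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation address ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.10 - - [02/Mar/2024:09:12:44 +0000] "GET /cart HTTP/1.1" 200 2048
198.51.100.7 - - [01/Mar/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 162
198.51.100.7 - - [02/Mar/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 403 162
192.0.2.55 - - [02/Mar/2024:11:30:00 +0000] "GET / HTTP/1.1" 200 5120
127.0.0.1 - - [01/Mar/2024:00:00:00 +0000] "GET /health HTTP/1.1" 200 2
garbage line
""".splitlines()

# client IP, ident, user, [day:time zone], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3}/\d{4}):[^\]]+\] "[^"]*" (?P<status>\d{3}) ')

def trusted_ips(log_lines, min_days=2, max_error_ratio=0.2):
    """Return sorted IPs seen on >= min_days distinct days whose share of
    4xx/5xx responses is <= max_error_ratio (both criteria are assumptions)."""
    days = defaultdict(set)    # ip -> calendar days on which it appeared
    total = defaultdict(int)   # ip -> number of requests
    errors = defaultdict(int)  # ip -> number of 4xx/5xx responses
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # malformed or truncated line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue           # first field is a hostname or junk
        if ip.is_loopback:
            continue           # local health checks are not site visitors
        days[ip].add(m["day"])
        total[ip] += 1
        if m["status"][0] in "45":
            errors[ip] += 1
    keep = [ip for ip in total
            if len(days[ip]) >= min_days and errors[ip] / total[ip] <= max_error_ratio]
    return [str(ip) for ip in sorted(keep, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    with open("ip_list.txt", "w") as fh:  # one IP per line (assumed file format)
        fh.write("\n".join(trusted_ips(SAMPLE_LOG)) + "\n")
```

Build the list from logs covering a period of normal operation; logs recorded during an attack would let attacking addresses qualify as trusted.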