Activation of this type of protection triggers when one of the thresholds set in the configuration file /etc/dpi/fastdpi.conf is exceeded:

ddos_reqsec_threshold=300
ddos_reqsec_variation=5

where ddos_reqsec_threshold is the number of requests per second arriving at the protected site, usually set to the maximum observed under normal site operation. ddos_reqsec_variation is the allowed deviation in percent from the ddos_reqsec_threshold at which the protection is respectively enabled or disabled; it is set to avoid "flapping" and defaults to 5%.

ddos_pktsec_threshold=5000
ddos_pktsec_variation=5

where ddos_pktsec_threshold is the number of packets per second arriving at the protected site, usually set to the maximum observed under normal site operation. ddos_pktsec_variation is the allowed deviation in percent from the ddos_pktsec_threshold at which the protection is respectively enabled or disabled; it is set to avoid "flapping" and defaults to 5%.

If both parameters are set, ddos_reqsec_threshold takes priority and ddos_pktsec_threshold is ignored.

The CAPTCHA page used for verification is specified with:

ddos_check_server=www.server_name.ru/path/page.html?
ddos_security_key=123567890

where ddos_security_key is the encryption key used to generate tokens indicating to the DPI that the verification was successfully passed.

Logging of protection events can be enabled with:

ddos_trace=1

A whitelist of trusted IP addresses can be pre-collected by analyzing the protected site's web server logs (script written manually or by support team) or from a log generated by the DPI itself.

The resulting list is loaded into the DPI with:

fdpi_ctrl load --service 8 --file ip_list.txt

where ip_list.txt contains the list of IPs. More information about fdpi_ctrl commands and data persistence can be found in Subscriber Management. In this context, subscribers refer to users of the protected site.