DoS Attack Log
CC(Challenge Collapsar) attack is a kind of DoS attack, which is a Dos attack on the WEB application layer, using a proxy server to send a large number of seemingly legitimate requests to the victim server.
Enable DoS log
Enable DoS log in
Global Config > Log:
Enable DoS log switch to enable DoS log.
Usually, the number of DoS attack requests is relatively large, so it is generally not recorded for each request, and the recording interval is controlled by
DoS log rate limit.
When no attack request arrives beyond the time specified by
Expiration time of DoS protection statistics, the statistics of protection count will be reset to zero, and the number of protection statistics will be used in dynamic metrics.
Usually, the client address or some other information is used as the identifier of the same request source, and these identifiers are stored in the shared memory specified by
DoS log rate limit shared memory size.
The log will not be flushed to the file immediately, and will only be written to the log file when the
Buffer is full or the
Flushing time is reached.
Check DoS log
Let’s simulate a DoS attack first to generate some DoS logs.
First set the page rules. For the convenience of testing, we set 1 request per minute:
Then send attack requests continuously:
curl 'http://test.com' curl 'http://test.com'
The second request will be rejected and a DoS log will be generated at the same time, check it in
Application > DoS Logs: