DoS Attack Log

CC(Challenge Collapsar) attack is a kind of DoS attack, which is a Dos attack on the WEB application layer, using a proxy server to send a large number of seemingly legitimate requests to the victim server.

Enable DoS log

Enable DoS log in Global Config > Log:

Click the Enable DoS log switch to enable DoS log. Usually, the number of DoS attack requests is relatively large, so it is generally not recorded for each request, and the recording interval is controlled by DoS log rate limit. When no attack request arrives beyond the time specified by Expiration time of DoS protection statistics, the statistics of protection count will be reset to zero, and the number of protection statistics will be used in dynamic metrics. Usually, the client address or some other information is used as the identifier of the same request source, and these identifiers are stored in the shared memory specified by DoS log rate limit shared memory size. The log will not be flushed to the file immediately, and will only be written to the log file when the Buffer is full or the Flushing time is reached.

Check DoS log

Let’s simulate a DoS attack first to generate some DoS logs.

First set the page rules. For the convenience of testing, we set 1 request per minute:

Then send attack requests continuously:

curl ''
curl ''

The second request will be rejected and a DoS log will be generated at the same time, check it in Application > DoS Logs: