eG Monitoring

Measures reported by CtxNsHttpDosTest

In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

This is where HTTP DoS protection comes in. HTTP DoS protection allows NetScaler to respond to incoming HTTP requests with a JavaScript challenge. Because an HTTP DoS attack is typically carried out by a cluster of many nodes running a scripted attack, and such nodes do not support JavaScript in any form, they cannot answer the JavaScript challenge, and NetScaler closes the connection. Regular users browsing with a regular browser support JavaScript and are therefore granted access.

Typically, the HTTP DOS Protection feature is activated when the number of outstanding HTTP service requests (i.e., the queue depth) on the system is lower than a configured value. Once activated, the HTTP DOS Protection policy is automatically applied to a configured percentage of the HTTP requests received from clients; if this percentage is 100, the policy is applied to all HTTP requests received from clients, and NetScaler responds with a JavaScript challenge to every incoming request.
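The challenge-and-cookie mechanism described above, shown as an added illustration (example code, not eG's or Citrix's own): a JS-capable browser runs the challenge script, sets the cookie and retries, while a scripted node never presents a valid cookie. The HMAC cookie format, the function names and the deterministic sampling by request index are assumptions, since the page does not describe NetScaler's internal format.

```python
import hashlib
import hmac
import os

# Hypothetical challenge-cookie scheme (assumption: not NetScaler's real DOS cookie format).
SECRET = os.urandom(32)   # per-appliance key; rotating it invalidates all outstanding cookies
COOKIE_TTL = 300          # seconds a DOS cookie stays valid

def _tag(client_ip, issued):
    # Bind the cookie to the client address and issue time so it cannot be replayed elsewhere
    msg = f"{client_ip}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_challenge(client_ip, now):
    """Build the cookie and the JavaScript challenge page that sets it and retries the request."""
    issued = int(now)
    cookie = f"{issued}.{_tag(client_ip, issued)}"
    page = (f'<script>document.cookie="dos_ok={cookie}; path=/";'
            'location.reload();</script>')
    return cookie, page

def cookie_is_valid(client_ip, cookie, now, ttl=COOKIE_TTL):
    """Valid only if issued to this client IP, unexpired, and carrying an intact HMAC tag."""
    try:
        issued_s, tag = cookie.split(".", 1)
        issued = int(issued_s)
    except (AttributeError, ValueError):   # missing cookie or malformed value
        return False
    if not 0 <= int(now) - issued <= ttl:
        return False
    return hmac.compare_digest(tag, _tag(client_ip, issued))

def decide(client_ip, cookie, now, request_index, detect_rate=100):
    """Policy decision once HTTP DoS protection is active.
    detect_rate is the percentage of un-cookied requests that get challenged (100 = all),
    mirroring the configured percentage of HTTP requests the policy is applied to."""
    if cookie_is_valid(client_ip, cookie, now):
        return "serve"            # this client counts towards Valid_dos_clients
    if request_index % 100 < detect_rate:
        return "challenge"        # browsers complete this; scripted nodes cannot, so they are dropped
    return "serve"
```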

Where HTTP DOS Protection is in use, administrators naturally want to be notified every time the policy is triggered, and to know how many clients were allowed access under the policy. This helps them review the DOS protection settings and decide whether they need to be tweaked. To achieve this, administrators can use the CtxNsHttpDosTest.

This test alerts administrators when the condition set for triggering DOS protection is fulfilled, and in that case reports the count of HTTP clients to which NetScaler's DOS protection feature allowed service access. Additionally, the test reports the number of clients that NetScaler's Priority Queuing feature has granted DOS priority.

Outputs of the test: One set of results for the Citrix ADC VPX/MPX appliance being monitored.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| Dos_condition_triggered | Indicates the number of times during the last measurement period that the NetScaler appliance triggered the DOS JavaScript due to a condition match. | Number | A non-zero value for this measure indicates that the queue depth has fallen below the configured threshold limit, activating the HTTP DOS Protection feature. |
| Valid_dos_clients | Indicates the number of clients that received a valid DOS cookie from the NetScaler appliance during the last measurement period. | Number | |
| Dos_priority_clients | Indicates the number of valid clients that were given DOS priority during the last measurement period. | Number | The Surge Protection and Priority Queuing features help manage DOS attacks. When a protected website or application receives too many requests at once, the Surge Protection feature detects the overload and queues the excess connections until the server can accept them. The Priority Queuing feature ensures that whoever most needs access to a resource is provided access without having to wait behind other, lower-priority requests. |