Connection Servers have finite resources available to handle requests from clients, and misbehaving clients can tie up those resources, preventing others from being serviced. Client behavior monitoring is a class of detections and mitigation that protect against bad behavior.
Handshake Monitoring TLS handshakes on port 443 must complete within a configurable period, otherwise they will be forcibly terminated. By default, this period is 10 seconds. If smart card authentication is enabled, TLS handshakes on port 443 can complete within 100 seconds.
Request Reception Monitoring HTTP requests must be fully received within 30 seconds, otherwise the connection will be forcibly terminated.
Request Counting A single client is not expected to send more than 100 HTTP requests per minute, although by default no action is taken if this threshold is exceeded.
Client Blacklisting This type of protection is disabled by default because it can reduce performance and frustrate users if it is not correctly configured. Do not enable client blacklisting if using a gateway, such as a Unified Access Gateway appliance, which presents all client connections as the same IP address.
Behavior Monitoring Properties Use these properties to monitor client behavior. These properties include properties for detections and mitigations that protect against bad behavior.