Use these properties to monitor client behavior. These properties include properties for detections and mitigations that protect against bad behavior.

Table 1. Behavior Monitoring Properties

Property

Description

Default Value

Dynamic

handshakeLifetime

Maximum time for TLS handshake, in seconds.

10 or 100 (See Handshake Monitoring.)

No

secureHandshakeDelay

Delay before TLS handshake when blacklisting, in milliseconds.

0 (blacklisting OFF)

No

insecureHandshakeDelay

Delay before non-TLS handshake when blacklisting, in milliseconds.

0 (blacklisting OFF)

No

requestTallyThreshold

Served HTTP requests per 30-second period for client blacklisting.

50

No

tarPitGraceThreshold

Unserved HTTP requests per 30-second period for client blacklisting.

3

No

secureBlacklist...

List of IP addresses on port 443 to reject immediately when blacklisting.

n/a

Yes

insecureBlacklist...

List of IP addresses on port 80 to reject immediately when blacklisting.

n/a

Yes

secureWhitelist...

List of IP addresses on port 443 to exclude from blacklisting.

n/a

Yes

insecureWhitelist...

List of IP addresses on port 80 to exclude from blacklisting.

n/a

Yes

Changes to dynamic entries take immediate effect, without a service restart.