Use these properties to monitor client behavior. These properties include properties for detections and mitigations that protect against bad behavior.

Table 1. Behavior Monitoring Properties
Property Description Default Value Dynamic
handshakeLifetime

Maximum time for TLS handshake, in seconds.

10 or 100 (See Handshake Monitoring.)

No

secureHandshakeDelay

Delay before TLS handshake when denylisting, in milliseconds.

0 (denylisting OFF)

No

insecureHandshakeDelay

Delay before non-TLS handshake when denylisting, in milliseconds.

0 (denylisting OFF)

No

requestTallyThreshold

Served HTTP requests per 30-second period for client denylisting.

50

No

tarPitGraceThreshold

Unserved HTTP requests per 30-second period for client denylisting.

3

No

secureBlacklist...

List of IP addresses on port 443 to reject immediately when denylisting.

n/a

Yes

insecureBlacklist...

List of IP addresses on port 80 to reject immediately when denylisting.

n/a

Yes

secureWhitelist...

List of IP addresses on port 443 to exclude from denylisting.

n/a

Yes

insecureWhitelist...

List of IP addresses on port 80 to exclude from denylisting.

n/a

Yes

Changes to dynamic entries take immediate effect, without a service restart.