Enable Dynamic ACL for the HTTP ALG

The dynamic ACL settings provide Distributed Denial of Service (DDoS) attack protection for the HTTP port.

Confirm that the session manager is mapped to the Oracle® Enterprise Session Border Controller.
Two ACL entries are required for each registered telephone, where one entry is used for SIP traffic and one is used for HTTP-ALG traffic.

Note:

Enabling dynamic access control for HTTP-ALG traffic reduces the number of available dynamic ACL entries on the session border controller, which may reduce the number of concurrent trusted endpoints that the system can support.

  1. From the command line, type configure terminal, and press ENTER.
  2. Type session-router, and press ENTER.
  3. Type http-alg, and press ENTER.
    The system displays a list of configured HTTP-ALG objects.
  4. Type the number of the HTTP-ALG object that you want to edit, and press ENTER.
    The system displays the configuration values for the selected object.
  5. Type dynamic-acl enabled, and press ENTER.
  6. Optional. Type max-incoming-conns <value>, and press ENTER to set the maximum number of connections per peer IP address.
  7. Optional. Type per-src-ip-max-incoming-conns <value>, and press ENTER to set the maximum number of HTTP connections per peer IP address.
  8. Type Done, and press ENTER to save the HTTP-ALG values.
    The system displays the HTTP-ALG configuration.
  9. Exit, Save, and Activate the configuration.
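
After activating the configuration, the result of steps 5 through 7 can be checked offline against a saved copy of the configuration text. The following Python script is an added example, not Oracle code. It assumes a layout in which each element name starts at column 0 and its parameters follow on indented lines; the sample text, the name parameter, and the example-element block are constructed for illustration.

```python
# Constructed sample, not output captured from a real system.
# Assumed layout: element name at column 0, then indented "parameter value" lines.
SAMPLE_CONFIG = """\
http-alg
        name                           alg-core
        dynamic-acl                    enabled
        max-incoming-conns             500
        per-src-ip-max-incoming-conns  4
http-alg
        name                           alg-branch
        dynamic-acl                    disabled
        max-incoming-conns             0
example-element
        name                           ignored-by-the-audit
"""

LIMITS = ("max-incoming-conns", "per-src-ip-max-incoming-conns")

def parse_elements(text, element="http-alg"):
    """Return one dict of parameter -> value for each `element` block."""
    blocks, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # column 0: a new element starts
            current = {} if line.strip() == element else None
            if current is not None:
                blocks.append(current)
        elif current is not None:              # parameter of an http-alg block
            parts = line.split(None, 1)
            current[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return blocks

def audit(text):
    """Return (object name, finding) pairs for every http-alg object."""
    findings = []
    for obj in parse_elements(text):
        name = obj.get("name", "<unnamed>")
        if obj.get("dynamic-acl") != "enabled":
            findings.append((name, "dynamic-acl is not enabled"))
        for key in LIMITS:                     # optional steps, so advisory only
            value = obj.get(key, "")
            if not value.isdigit() or int(value) == 0:
                findings.append((name, f"{key} has no positive limit"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Because the two connection limits are optional in the procedure, treat those findings as advisory and the dynamic-acl finding as the one that must be cleared.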