Configuring Security Access Policies

This section describes how to enable security access policies to deny certain access requests during the designated period, ensuring normal system operation and system security.

Procedure

  1. Choose Settings > Object Service Settings > Security Settings > Security Access Policy.
  2. Configure security access policy parameters.

    1. Select and enable the required security access policies.

      Security access policies include:

      • Access Key and IP Access Policy: If within a statistical period, the number of access failures of an access key through an IP address is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the access key through this IP address.
      • Access Key Policy: If within a statistical period, the number of access failures of an access key is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the access key.
      • IP Access Policy: If within a statistical period, the number of access failures of an IP address is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the IP address.
    2. Configure the security access policies. Table 1 describes related parameters.
      Table 1 Security access policy parameters

      Parameter

      Description

      Statistical Time Interval (seconds)

      Within the specified time, the system checks whether the access complies with the security access policy. If yes, services for the access are denied. The value ranges from 1 to 300.

      Service Denial Time (minutes)

      Calculates the time for the denial of service and is used as the baseline for the denial of service. The value ranges from 1 to 30.

      Threshold for Access Failures

      One of the conditions for triggering the denial of service is as follows: The number of access failures exceeds the threshold. The value ranges from 1 to 999999999.

      Threshold for Access Failure Rate (%)

      One of the conditions for triggering the denial of service is as follows: The ratio of the number of access failures to the total number of access times is greater than the threshold for access failure rate. The value ranges from 1 to 99.

  3. Click Save.

Follow-up Procedure

After configuring or modifying security access policies, you need to synchronize the modification to other clusters in the same region.

Parent topic: Configuring Security Settings