Imperva Cyber Community

How to manage your DDoS threshold in Advanced DDoS Settings

  • 1.  How to manage your DDoS threshold in Advanced DDoS Settings

    Imperva Employee
    Posted 09-09-2020 11:18

    Hi everyone,

    In today's post, i'm going to write a little bit about our built in DDoS functionality within the Imperva CloudWAF

    Within WAF settings, you will find the DDoS field at the bottom of this section as below:

    The standard setting for DDoS mitigation out of the box is Automatic as this is the Imperva recommended setting, please do not change this.

    Now let's look at Advanced DDoS which you can see just below and how this needs to be managed.

    The standard threshold will be set at 1000 requests per second. Please note, this setting will remain static and it is likely that it will need to be changed manually from time to time in alignment with your websites expected traffic – it will not change automatically.

    For example, if you expect your website to have a spike in traffic due to a specific reason i.e. a marketing campaign is being launched by your business and more traffic will be expected as a result, you may need to adjust your DDoS threshold to ensure DDoS is not triggered prematurely. From another perspective, if you are expecting low traffic volumes in a specific month, it may be recommended to reduce your DDoS threshold otherwise DDoS may not be detected at all.

    As a rule of thumb, we recommend that your DDoS threshold is 50% higher than your expected traffic.

    For example, in the screenshot above, this application had 6,300 total requests on 26th August which is much higher than previous traffic trends. This may have been due to a marketing campaign which would lead to DDoS being triggered prematurely if this user did not change the threshold in advance.

    Let us know what questions you have on DDoS mitigation! Ask the Imperva Community!



    Michael Franklin
    Managed, Tech Touch Customer Success Management