Session tracking will enable the Barracuda Web Application Firewall to limit the number of sessions originating from a particular client IP address in a given interval of time. Limiting the session generation rate by client IP helps prevent session-based Denial of Service (DoS) attacks.
To configure Session tracking you need to go to Websites > Advanced Security > Session Tracking and click on 'Edit' for the service to which we need to enable Session tracking.
New Session Count - Specifies the maximum number of new sessions allowed per IP address in a given time interval (specified below).
Range: 1 - 65535
Interval - Specifies a time window in seconds. Within this time period, the same client will not be allowed to establish more sessions than that specified in the 'New Session Count' parameter above.
Range: 1 - 6000 seconds
Status - Set this parameter to On to activate session tracking to limit the requests originating from a particular client IP address in a given interval of time for this service..
Session Identifiers - Select the token type which is used to recognize sessions.
Exception Clients: Specify the IP addresses that should be exempted (not locked out). You can enter a single, or a range of IP addresses, or a combination of both with comma (,) as a delimiter. The range of IP addresses must be separated with a hyphen (-). This makes an exception list of client IPs (permitted users). This list should not have any overlapping IP ranges.
Values: Suitable IP Range
Link to this page: