NetApp Knowledge Base

CONTAP-693736: RFE - Implement a denial of service attack detection and mitigation for Apache server in ONTAP

Visibility: Public
Category: ontap-9
Specialty: CORE

Issue

  • When AD domain authentication goes down, the initial impact is expected for AD users. However, repeated HTTP authentication attempts from AD users caused excessive load on the HTTP server, which then started affecting local ONTAP user authentication, as it led to a DoS for the HTTP server.
  • While AD was down, ONTAP was not able to accommodate HTTP users' domain authentications. This impacted access for all HTTP ONTAP users, including local users.
  • Local user authentication RPC timeout:
    [dot:error] [pid 9664:tid 34404081664] [client 10.xx.xx.xx:44034] [vserver ID yyyy] [service ontapi] Authentication error (user user1): Failed to invoke RPC with uncached client: RPC: Timed out; netid=tcp fd=154 TO=25.0s TT=25.000s O=152b I=0b CN=4133812/1 VSID=3 127.0.0.1:58686 <> 127.0.0.1:910
  • AD user RPC timeout:
    [dot:error] [pid 9664:tid 34403943424] [client 10.xx.xx.xxx:42393] [vserver ID yyyyy] [service rest] Authentication error (user AD_user): Failed to invoke RPC with uncached client: RPC: Timed out; netid=tcp fd=24 TO=25.0s TT=24.999s O=164b I=0b CN=4133817/1 VSID=3 127.0.0.1:58686 <> 127.0.0.1:910
  • This enhancement is to answer the following questions:

    • Can ONTAP distinguish an AD domain outage from a genuine attack condition and limit the impact to AD-authenticated users only?
    • Is there any way to prevent local ONTAP user authentication from being affected by this condition when the issue is specifically an AD authentication backend failure rather than a real malicious attack?
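
Until such a feature exists, the error lines quoted above can be tallied to see whether authentication RPC timeouts are confined to domain accounts or have spread to local accounts, and which clients keep retrying. The following is an added example, not NetApp code: the sample log, the account names, and the `LOCAL_USERS` set used to tell local from domain accounts are constructed assumptions.

```python
import re
from collections import Counter

# Authentication RPC timeout records in the format quoted above. The message
# part uses [^\[] so a match cannot run on into the next "[dot:error]" record.
RECORD = re.compile(
    r"\[client (?P<ip>[^:\]]+):\d+\] \[vserver ID [^\]]+\] "
    r"\[service (?P<service>\w+)\] Authentication error "
    r"\(user (?P<user>[^)]*?)\s*\): [^\[]*?RPC: Timed out;"
)

def summarize(log_text, local_users):
    """Tally auth RPC timeouts by account class/service and by client/user."""
    by_class = Counter()
    by_source = Counter()
    for m in RECORD.finditer(log_text):
        user = m["user"].strip()
        kind = "local" if user in local_users else "domain"
        by_class[(kind, m["service"])] += 1
        by_source[(m["ip"], user)] += 1
    return by_class, by_source

def repeat_sources(by_source, min_attempts=3):
    """Client/user pairs that kept retrying while the backend timed out."""
    return sorted(k for k, n in by_source.items() if n >= min_attempts)

# Constructed sample (documentation addresses, made-up account names).
TAIL = ("Failed to invoke RPC with uncached client: RPC: Timed out; "
        "netid=tcp fd=24 TO=25.0s TT=24.999s O=164b I=0b\n")

def _line(ip, service, user, msg=TAIL):
    return (f"[dot:error] [pid 9664:tid 1] [client {ip}:40000] "
            f"[vserver ID 1] [service {service}] "
            f"Authentication error (user {user}): {msg}")

SAMPLE = (
    _line("192.0.2.10", "rest", "EXAMPLE\\svc_backup") * 4
    + _line("192.0.2.11", "rest", "EXAMPLE\\alice\n")   # wrapped user name
    + _line("192.0.2.20", "ontapi", "admin", "Bad password\n")  # not a timeout
    + _line("192.0.2.20", "ontapi", "admin")
)
LOCAL_USERS = {"admin"}  # hypothetical: names of local ONTAP accounts

if __name__ == "__main__":
    by_class, by_source = summarize(SAMPLE, LOCAL_USERS)
    print(dict(by_class), repeat_sources(by_source))
```

A non-zero `("local", ...)` count alongside a large `("domain", ...)` count matches the condition described in this article, where local authentication times out because domain authentication is failing.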

 
 
