Installation guide
Additional Information
BLACKLIST FOR WEB INTERFACE ATTACKS
A security enhancement has been implemented in 4.0.0 SP1: when the phone detects an attack
on its Web UI, it automatically blacklists the attacker's IP address. By default, when the phone
detects the initial attack, access is denied for 10 minutes. After the blacklist period expires, if
another attack is detected from the same IP address, access is denied for 20 minutes, and every
attack thereafter triggers the blacklist again for incrementally larger durations
(i.e. 30 minutes, 1 hour, and 10 hours).
Administrators have the option of defining the maximum blacklist duration using the “web
interface blacklist duration” parameter. By configuring this parameter, administrators can set
the maximum amount of time the IP of the offending attacker will remain on the blacklist.
Configuring the Maximum Blacklist Duration
Use the following parameter to configure the maximum blacklist duration.
PARAMETER: web interface blacklist duration
CONFIGURATION FILES: startup.cfg, <model>.cfg, <mac>.cfg
DESCRIPTION: Specifies the maximum amount of time, in seconds, that the IP of the phone’s Web UI attacker will remain on the blacklist.
FORMAT: Integer
DEFAULT VALUE: 3600 (1 hour)
RANGE: 0 - 9999999 (seconds)
Note: A value “0” will disable the blacklist feature.
EXAMPLE: web interface blacklist duration: 600
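The following is an added example, not part of the original guide or the vendor's tooling: a small audit script that checks a configuration file's text against the format, default and range listed above and flags a value of 0, which disables the blacklist. It assumes that "#" starts a comment, that an invalid entry is ignored and that the last valid entry in a file wins; the sample file contents are constructed.

```python
import re

PARAM = "web interface blacklist duration"
DEFAULT, LOW, HIGH = 3600, 0, 9999999   # default and range from the table above
FIRST_BLOCK = 600                       # the initial 10-minute block, in seconds

def audit_blacklist_duration(cfg_text):
    """Return (effective_seconds, findings) for the text of one config file."""
    findings, effective, seen = [], DEFAULT, 0
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # assumption: '#' starts a comment
        if ":" not in line:
            continue
        name, value = (part.strip() for part in line.split(":", 1))
        if " ".join(name.lower().split()) != PARAM:
            continue
        seen += 1
        if not re.fullmatch(r"-?[0-9]+", value):
            findings.append(f"line {lineno}: {value!r} is not an integer")
        elif not LOW <= int(value) <= HIGH:
            findings.append(f"line {lineno}: {value} is outside {LOW}-{HIGH}")
        else:
            effective = int(value)               # assumption: last valid value wins
    if seen == 0:
        findings.append(f"parameter not set; default of {DEFAULT} s applies")
    if seen > 1:
        findings.append(f"parameter set {seen} times in one file")
    if effective == 0:
        findings.append("value 0 disables the Web UI blacklist")
    elif effective < FIRST_BLOCK:
        findings.append(f"maximum of {effective} s is below the 10-minute first block")
    return effective, findings

# Constructed sample files, not taken from a real deployment.
SAMPLES = {
    "startup.cfg": "# site defaults\nweb interface blacklist duration: 600\n",
    "<model>.cfg": "web interface blacklist duration: 0\n",
    "<mac>.cfg": "web interface blacklist duration: 10000000\n",
}

if __name__ == "__main__":
    for filename, text in SAMPLES.items():
        seconds, notes = audit_blacklist_duration(text)
        print(f"{filename}: effective maximum {seconds} s")
        for note in notes:
            print(f"  - {note}")
```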