During one of our Zimbra 8.6 deployment projects customer start having intermittent issue with users not being able to login to web interface with error “Network service error occurred”
su zimbra zmprov ms `zmhostname` zimbraInvalidLoginFilterMaxFailedLogin 0 zmprov mcf zimbraInvalidLoginFilterMaxFailedLogin 0 zmmailboxdctl restart
The reason we get this error is because starting ZIMBRA 8.0 new DoSFilter was added to prevent denial of service attacks and throttle clients sending a large number of requests over a very short period of time. It is enabled by default.
The following configuration options are available.
DoSFilter Delay (milliseconds) – zimbraHttpDosFilterDelayMillis
Delay imposed on all requests over the rate limit, before they are considered at all. -1 = Reject request, 0 = No delay, any other value = Delay in ms. The default is -1.
To modify in the global configuration; e.g. set the delay to 20ms:
zmprov mcf zimbraHttpDosFilterDelayMillis 20
DoSFilter Maximum Requests Per Second – zimbraHttpDosFilterMaxRequestsPerSec
Maximum number of requests from a connection per second. Requests in excess of this are throttled. The default is 30 and the minimum is 1.
To set the maximum number for requests in the global configuration:
zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100
A mailbox server restart is required when modifying these attributes.