All Products
Search

This Product

    Performance Testing:What do I do if the stress testing traffic cannot access my web application due to security policies?

    Document Center

    Performance Testing:What do I do if the stress testing traffic cannot access my web application due to security policies?

    Last Updated:Oct 30, 2024

    Issue

    Your application does not expose its services to the Internet for security reasons, or you use Web Application Firewall (WAF). In this case, a large amount of stress testing traffic may trigger interception, blocking, and scrubbing. As a result, the stress testing traffic is blocked by WAF.

    Solutions

    Solution 1: Configure a header whitelist in WAF

    If the application to be tested uses WAF, you can configure a website whitelist rule in WAF based on the header to allow all stress testing requests of PTS. Perform the following steps:

    1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

    2. In the left-side navigation pane, choose Protection Configuration > Basic Web Protection.

    3. Click the image.png icon on the left side of the whitelist, and then click Create Rule in the Actions column. In the dialog box that appears, create a website whitelist rule and set Match Condition to Header x-pts-test Exists.

    Note

    HTTP requests sent by PTS contain the x-pts-test header. Therefore, you must create a website whitelist rule and set Match Condition to Header x-pts-test Exists. For more information, see Configure a website whitelist.

    Solution 2: Obtain the IP address of the load generator and configure an IP address whitelist

    You can also add the IP address of the load generator to an IP address whitelist in the security policy. Note that the IP address for stress testing is not fixed. In this solution, you must reconfigure the IP address whitelist for each stress test. We recommend that you use Solution 1. To obtain the IP address of the load generator, perform the following steps:

    Start stress testing and obtain the IP address of the load generator. If you have created a stress testing scenario, you can choose Performance Testing > Scenarios in the left-side navigation pane. On the Scenarios page, find the scenario that you want to start and click Start in the Actions column.

    On the Executing Test page, view the IP address of the load generator.image

    If you use a shared resource pool, you cannot obtain the IP address of the load generator before you start stress testing. To configure a whitelist before the stress testing is started, you can specify the startup waiting time in the stress testing scenario based on the time required to configure the whitelist. Virtual Users Minutes (VUMs) are still consumed during the delayed release period. To configure the startup waiting time in PTS stress testing and JMeter stress testing, perform the following operations:

    • Configure the startup waiting time in PTS stress testing

      Add a delay release instruction to each business session. Specify the delay time based on the time required to configure the whitelist. For more information about how to add a delay release instruction, see Use a delay release instruction.

    • Configure the startup waiting time in JMeter stress testing

      1. In the JMeter test plan, right-click Test Plan and choose Add > Threads (Users) > setUp Thread Group to add the setUp thread group.rj

      2. In the setUp Thread Group panel, select Specify Thread lifetime and configure the startup delay of the setUp thread group to the expected waiting time, as shown in the following figure.ro