Updated on 2024-02-29 GMT+08:00


This section guides you through configuring IP address-based rate limiting and cookie-based protection rules against Challenge Collapsar (CC) attacks.

How Can We Know Whether a CC Attack Occurs?

If you find that the website processing speed decreases and the network bandwidth usage is high, your website may suffer from CC attacks. In this case, check whether the number of access logs or network connections increases significantly. If yes, your website is suffering from CC attacks. Then you can configure a protection rule to protect your website from CC attacks.

  • WAF protects application-layer traffic against DoS attacks, such as HTTP GET attacks.
  • WAF does not protect your website at or below layer 4 against DDoS traffic, such as ACK Flood and UDP flood attacks. Anti-DDoS and Advanced Anti-DDoS (AAD) are recommended to defend against such attacks.