Help Center/ Web Application Firewall/ Best Practices/ Defending Against Challenge Collapsar (CC) Attacks/ Restricting Malicious Requests in Promotions by Using Cookies and HWWAFSESID
Updated on 2024-11-01 GMT+08:00

Restricting Malicious Requests in Promotions by Using Cookies and HWWAFSESID

This topic describes how to configure cookies and HWWAFSESID fields in CC attack protection rules to restrict malicious requests in promotions.

Application Scenarios

Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule

  1. Log in to the management console and connect your website to WAF. For details, see Adding a Domain Name to WAF.

  2. In the Policy column of the row containing the domain name, click the number to go to the Policies page.
  3. In the CC Attack Protection configuration area, toggle CC Attack Protection on if needed.

    Figure 1 CC Attack Protection configuration area

  4. In the upper left corner of the CC Attack Protection page, click Add Rule.
  5. Configure a CC attack protection rule using a cookie or user ID to limit traffic to the path. Figure 2 shows an example.

    • Rate Limit Mode: Select Source and then Per user.
    • User Identifier: Select Cooke and enter the User ID as the key value.
    • Trigger: Set Field to Path, and set Logic and Content based on site requirements.
    • Other parameters: Set them to meet your service requirements.
    Figure 2 Configuring service cookies

  6. Click Confirm.

Using HWWAFSESID to Configure a CC Attack Protection Rule

HWWAFSESID: session ID. WAF inserts HWWAFSESID (session ID) into the cookie of a customer request. WAF uses this field to count client requests. If the number of requests reaches the threshold, the CC attack protection rule will be triggered. Now, let's see how to use this field to configure a CC attack protection rule.

  1. Log in to the management console and connect your website to WAF. For details, see Adding a Domain Name to WAF.

  2. In the Policy column of the row containing the domain name, click the number to go to the Policies page.
  3. In the CC Attack Protection configuration area, toggle CC Attack Protection on () if needed.

    Figure 3 CC Attack Protection configuration area

  4. In the upper left corner of the CC Attack Protection page, click Add Rule.
  5. Configure a CC attack protection rule using HWWAFSESID to limit traffic to the path. For details, see Figure 4.

    • Rate Limit Mode: Select Source and then Per user.
    • User Identifier: Select Cookie and set it to HWWAFSESID.
    • Trigger: Set Field to Path, and set Logic and Content based on site requirements.
    • Other parameters: Set them to meet your service requirements.
    Figure 4 HWWAFSESID-based rate limiting

  6. Click Confirm.