WTP Overview
Web Tamper Protection (WTP) can detect and prevent tampering of files in specified directories, including web pages, documents, and images, and quickly restore them using valid backup files.
Constraints and Limitations
Ensure that the WTP edition has been enabled for the server. For details about how to purchase HSS and enable the WTP edition, see Purchasing HSS Quota and Enabling Web Tamper Protection.
How WTP Prevents Web Page Tampering
WTP supports static and dynamic web page protection. How WTP works shows the protection mechanism.
Protection Type |
Mechanism |
---|---|
Static web page protection |
|
Dynamic web page protection |
The Huawei-proprietary RASP can detect application program behaviors, prevent attackers from tampering with web pages through application programs, and provide self-protection in Tomcat application runtime. |
Process of Using WTP
Operation |
Description |
---|---|
After the WTP edition is enabled, static WTP and other protection functions are enabled automatically. |
|
Static WTP protects specified directories. You need to configure static WTP directories. |
|
(Optional) Configuring Remote Backup |
By default, for Linux servers, HSS backs up files in the protected directories to the local backup paths you specified when adding protected directories. To prevent the local backup from being damaged by attackers, you can configure remote backup to protect web page backup data. |
(Optional) Enabling Dynamic WTP |
For Linux servers, HSS provides runtime application self-protection (RASP) for Tomcat applications. You can enable dynamic WTP for Tomcat applications as required. |
Tamper events that occur during web tamper protection are recorded and displayed in the event list. |
|
After static WTP is enabled, the content in the protected directory is read-only and cannot be modified. To modify a protected file, you can add a privileged process. |
|
Not all OS kernel versions support privileged processes and each server can add up to 10 privileged processes. For OSs that do not support privileged processes, you can set periodic static WTP and update websites while WTP is automatically disabled. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.