Help Center/ Edge Security/ Best Practices/ CC Attack Protection/ Cookie-based CC Attack Protection
Updated on 2024-10-31 GMT+08:00

Cookie-based CC Attack Protection

Attack Examples

Attackers may control several hosts and disguise as normal visitors to continuously send HTTP POST requests to website www.example.com through the same IP address or many different IP addresses. As a result, the website may respond slowly or even fails to respond to normal requests as the attackers exhausted website resources like connections and bandwidth.

Protective Measures

  1. Based on the access statistics, check whether a large number of requests are sent from a specific IP address. If yes, it is likely that the website is hit by CC attacks.
  2. Log in to the management console.
  3. Click in the upper left corner of the page and choose Content Delivery & Edge Computing > CDN and Security.
  4. In the navigation pane on the left, choose Website Setting under Edge Security.
  5. In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled () and click Customize Rule.
    Figure 1 CC Attack Protection configuration area
  6. In the upper left corner of the CC Attack Protection page, click Add Rule. In the displayed dialog box, set Rate Limit Mode and specify User Identifier in the Cookie field.

    With a CC attack protection rule, you can set Protective Action to Block and specify Block Duration. Then, once an attack is blocked, the attacker will be blocked until the block duration expires. These settings are recommended if your applications have high security requirements.

    Figure 2 Per user
    • Rate Limit Mode: Select Source and then Per user to distinguish a single web visitor based on cookies.
    • User Identifier: Enter a user identifier, which is the variable name in the Cookie field.
    • Rate Limit: Number of requests allowed from a website visitor in the rate limiting period. The visitor's access request is denied if the limit is reached.
    • Protective Action: Select Block. Then specify Block Duration. Once an attack is blocked, the attacker will be blocked until the block duration expires. These settings are recommended if your applications have high security requirements.
      • Verification code: EdgeSec allows requests that trigger the rule as long as your website visitors complete the required verification. Currently, cerification code supports English.
      • Block: EdgeSec blocks requests that trigger the rule.
      • Log only: EdgeSec only logs requests that trigger the rule.
    • Block Page: Select Default settings or Custom.