Updated on 2025-03-04 GMT+08:00

Cookie-based CC Attack Protection

Attack Examples

Attackers may control several hosts and disguise themselves as normal visitors to continuously send HTTP POST requests to the website www.example.com through the same IP address or many different IP addresses. As a result, the website may respond slowly or even fail to respond to normal requests because the attackers have exhausted website resources such as connections and bandwidth.

Protective Measures

  1. Based on the access statistics, check whether a large number of requests are sent from a specific IP address. If so, the website is likely under a CC attack.
  2. Log in to the management console.
  3. Click in the upper left corner of the page and choose Content Delivery & Edge Computing > CDN and Security.
  4. In the navigation pane on the left, choose Edge Security > Website Settings. The Website Settings page is displayed.
  5. In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled and click Customize Rule.
    Figure 1 CC Attack Protection configuration area
  6. In the upper left corner of the CC Attack Protection page, click Add Rule, set Rate Limit Mode to Cookie, and enter a field name.

    With a CC attack protection rule, you can set Protective Action to Block and specify Block Duration. Then, once an attack is blocked, the attacker will be blocked until the block duration expires. These settings are recommended if your applications have high security requirements.

    Figure 2 Per user
    • Rate Limit Mode: Select Cookie to distinguish a single web visitor based on the cookie.
    • Rate Limit: Number of requests allowed from a website visitor in the rate limiting period. The visitor's access request is denied if the limit is reached.
    • Protective Action: Select Block. Once an attack is blocked, the attacker will be blocked until the block duration expires. These settings are recommended if your applications have high security requirements.
      • Verification code: EdgeSec allows requests that trigger the rule as long as your website visitors complete the required verification. Currently, the verification code supports English.
      • Block: EdgeSec blocks requests that trigger the rule.
      • Log only: EdgeSec only logs requests that trigger the rule.
    • Block Page: Select Default settings or Custom.
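
The rule semantics described above (a per-cookie Rate Limit, the Block action and a Block Duration), modelled in Python as an added example; it is not EdgeSec code. The cookie name `sessionid`, the thresholds, the fallback to source IP for requests without the cookie, and the sample traffic are assumptions constructed for illustration. It goes one step beyond the page by replaying the same traffic keyed by source IP for comparison.

```python
from collections import defaultdict, deque

class RateLimiter:
    """Toy model of a rate-limit rule with a Block action (not EdgeSec code)."""

    def __init__(self, limit, period, block_duration, cookie_name=None):
        self.limit, self.period = limit, period      # requests allowed per period (s)
        self.block_duration = block_duration         # seconds a key stays blocked
        self.cookie_name = cookie_name               # None = key on source IP only
        self.hits = defaultdict(deque)               # key -> timestamps in window
        self.blocked_until = {}                      # key -> block expiry time

    def key_for(self, req):
        # Assumption: a request without the cookie falls back to its source IP.
        value = req["cookies"].get(self.cookie_name) if self.cookie_name else None
        return ("cookie", value) if value else ("ip", req["ip"])

    def check(self, req):
        """Return 'allow' or 'block' for one request."""
        now, key = req["ts"], self.key_for(req)
        if self.blocked_until.get(key, 0) > now:
            return "block"                           # still inside Block Duration
        window = self.hits[key]
        while window and window[0] <= now - self.period:
            window.popleft()                         # drop hits older than the period
        window.append(now)
        if len(window) > self.limit:                 # limit reached: start blocking
            self.blocked_until[key] = now + self.block_duration
            window.clear()
            return "block"
        return "allow"

def sample_traffic():
    # Constructed sample: one session spread over 4 IPs, two visitors behind one NAT IP.
    reqs = [{"ts": i * 0.5, "ip": f"198.51.100.{i % 4 + 1}",
             "cookies": {"sessionid": "s-flood"}} for i in range(12)]
    for user in ("s-alice", "s-bob"):
        reqs += [{"ts": t, "ip": "203.0.113.7", "cookies": {"sessionid": user}}
                 for t in (1, 3, 5)]
    return sorted(reqs, key=lambda r: r["ts"])

def replay(limiter, requests):
    """Return {key: [allowed, blocked]} for a time-ordered request list."""
    stats = defaultdict(lambda: [0, 0])
    for req in requests:
        stats[limiter.key_for(req)][limiter.check(req) == "block"] += 1
    return dict(stats)

if __name__ == "__main__":
    print("cookie mode:", replay(RateLimiter(5, 10, 60, "sessionid"), sample_traffic()))
    print("ip mode:    ", replay(RateLimiter(5, 10, 60), sample_traffic()))
```

Keyed by cookie, the flooding session is blocked even though its requests arrive from four addresses, and the two visitors sharing one NAT address are unaffected; keyed by IP, the flood stays under the limit on every address while the shared address trips it.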