Restricting Malicious Requests in Promotions by Using Cookies and HWWAFSESID
This topic describes how to configure cookies and HWWAFSESID fields in CC attack protection rules to restrict malicious requests in promotions.
Application Scenarios
- Scenario 1: To obtain extra bonuses (such as goods in promotions or downloads), a malicious actor may use the same account to send requests to a website while changing IP addresses or terminals.
Protective measures: Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Scenario 2: To obtain extra bonuses (such as goods in promotions or downloads), a malicious actor may use multiple accounts to send requests to a website from the same PC while frequently changing its IP address.
Protective measures: Using HWWAFSESID to Configure a CC Attack Protection Rule
Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Log in to the management console and connect your website to WAF.
  - Cloud mode: Creating a Domain Name
  - Dedicated mode: Step 1: Add a Website to WAF (Dedicated Mode)
- In the Policy column of the row containing the domain name, click the number to go to the Policies page.
- In the CC Attack Protection configuration area, toggle CC Attack Protection on if needed. Then, click Customize Rule.
- In the upper left corner of the CC Attack Protection page, click Add Rule.
- Configure a CC attack protection rule using a cookie or user ID to limit traffic to the path. Figure 1 shows an example.
- Click Confirm.
Using HWWAFSESID to Configure a CC Attack Protection Rule
- Log in to the management console and connect your website to WAF.
  - Cloud mode: Creating a Domain Name
  - Dedicated mode: Step 1: Add a Website to WAF (Dedicated Mode)
- In the Policy column of the row containing the domain name, click the number to go to the Policies page.
- In the CC Attack Protection configuration area, toggle CC Attack Protection on if needed. Then, click Customize Rule.
- In the upper left corner of the CC Attack Protection page, click Add Rule.
- Configure a CC attack protection rule using HWWAFSESID to limit traffic to the path. For details, see Figure 2.
  - User Identifier: Select Cookie and set it to HWWAFSESID.
  - Other parameters: Set them to meet your service requirements.
- Click Confirm.
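The following added example (not code from WAF or from this documentation) shows why the user identifier chosen in a CC rule matters for the two scenarios above. It counts requests to one path in a sliding window, keyed by IP address, by a user ID cookie, and by HWWAFSESID. The cookie name `userid`, the path `/promo/claim`, the limit of 3 requests per 60 seconds, the sliding-window counting, and the sample requests are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from http.cookies import SimpleCookie

PATH = "/promo/claim"  # hypothetical promotion path

# Constructed sample requests: (timestamp_s, client_ip, path, Cookie header)
SAMPLE = (
    # Scenario 1: one account (u1001), new IP and new terminal on every request
    [(5 * i, f"203.0.113.{i + 1}", PATH, f"userid=u1001; HWWAFSESID=s-a{i}")
     for i in range(5)]
    # Scenario 2: one PC (HWWAFSESID s-b), new IP and new account on every request
    + [(5 * i + 2, f"198.51.100.{i + 1}", PATH, f"userid=u200{i}; HWWAFSESID=s-b")
       for i in range(5)]
    # Ordinary visitor: two requests from one IP, account and session
    + [(t, "192.0.2.10", PATH, "userid=u3001; HWWAFSESID=s-c") for t in (3, 40)]
)

def cookie_value(header, name):
    """Return the value of cookie `name` from a Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None

def by_ip(ip, cookies):
    return ip

def by_cookie(name):
    return lambda ip, cookies: cookie_value(cookies, name)

def over_limit(requests, key_fn, path, limit, period):
    """Return identifiers with more than `limit` requests to `path`
    inside any `period`-second window."""
    windows = defaultdict(deque)
    flagged = set()
    for ts, ip, req_path, cookies in sorted(requests):
        key = key_fn(ip, cookies)
        if req_path != path or key is None:
            continue  # other paths and requests without the identifier are not counted
        win = windows[key]
        win.append(ts)
        while ts - win[0] >= period:
            win.popleft()  # drop timestamps that fell out of the window
        if len(win) > limit:
            flagged.add(key)
    return flagged

if __name__ == "__main__":
    for label, fn in (("IP", by_ip), ("userid", by_cookie("userid")),
                      ("HWWAFSESID", by_cookie("HWWAFSESID"))):
        print(label, sorted(over_limit(SAMPLE, fn, PATH, 3, 60)))
```

Counting per IP flags nothing in this sample, counting per user ID cookie flags only the scenario 1 account, and counting per HWWAFSESID flags only the scenario 2 session.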