Updated on 2024-10-31 GMT+08:00

IP Address-based Rate Limiting

Attack Example

Attackers can use several hosts to continuously send HTTP POST requests to the website www.example.com. These malicious requests use up website resources, such as connections and bandwidth. As a result, the website fails to respond to normal requests and its competitiveness decreases sharply.

Protective Measures

  1. Based on the access statistics, check whether a large number of requests are sent from a specific IP address. If yes, it is likely that the website is hit by CC attacks.
  2. Log in to the management console.
  3. Click in the upper left corner of the page and choose Content Delivery & Edge Computing > CDN and Security.
  4. In the navigation pane on the left, choose Website Setting under Edge Security.
  5. In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled and click Customize Rule.
    Figure 1 CC Attack Protection configuration area
  6. Customize a CC attack protection rule. In the upper left corner of the page, click Add Rule. In the displayed dialog box, specify the path and rule name, set Rate Limit Mode to Per IP address, set Rate Limit based on service features, and set Protective Action to Verification code to prevent blocking legitimate users.
    • Rate Limit Mode: Select Source and then Per IP address to distinguish a single web visitor based on IP addresses.
    • Rate Limit: Number of requests allowed from a website visitor in the rate limiting period. The visitor's access request is denied if the limit is reached.
    • Protective Action: To prevent legitimate requests from being blocked, select Verification code.
      • Verification code: EdgeSec allows requests that trigger the rule as long as your website visitors complete the required verification. Currently, the verification code supports English.
      • Block: EdgeSec blocks requests that trigger the rule.
      • Log only: EdgeSec only logs requests that trigger the rule.

    If the number of access requests exceeds the configured rate limit, the visitors are required to enter a verification code to continue the access.

  7. Go to the Events page and view details about attack events. For details, see Viewing Events.
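
The check in step 1 and a dry run of a candidate Rate Limit value can be done offline against access logs before the rule is enabled. The script below is an added example, not EdgeSec code: the log format, the sample lines, the function names and the sliding-window counting are assumptions (the page does not state how EdgeSec counts the rate limiting period).

```python
# Added example; log format, sample lines and names are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')

def parse(line):
    """Return (timestamp, ip, path), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["path"]

def per_ip_report(lines, path_prefix, limit, period_s):
    """Per source IP: total requests to path_prefix, and how many of them
    pushed the count inside the last period_s seconds above `limit`."""
    records = sorted(r for r in map(parse, lines) if r)
    windows = defaultdict(deque)          # ip -> timestamps still inside the period
    report = defaultdict(lambda: {"total": 0, "over": 0})
    for ts, ip, path in records:
        if not path.startswith(path_prefix):
            continue
        win = windows[ip]
        win.append(ts)
        while (ts - win[0]).total_seconds() >= period_s:
            win.popleft()                 # drop requests older than the period
        report[ip]["total"] += 1
        if len(win) > limit:
            report[ip]["over"] += 1       # this request would trigger the rule
    return dict(report)

def _line(ip, sec, method="POST", path="/login"):
    return f'{ip} - - [31/Oct/2024:10:00:{sec:02d} +0800] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample: one noisy client, one normal client, one unparsable line.
SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(12)]
    + [_line("198.51.100.20", s) for s in (0, 20, 40)]
    + [_line("198.51.100.20", 5, "GET", "/index.html"), "garbled line"]
)

if __name__ == "__main__":
    for ip, row in per_ip_report(SAMPLE_LOG, "/login", limit=5, period_s=10).items():
        print(ip, row)
```

An IP with a high "total" is the pattern step 1 looks for; a non-zero "over" for clients known to be legitimate suggests the candidate limit is too low for the service.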