Preventing Bonus Hunting by Configuring Service Cookies and System IDs
This topic introduces how to configure service cookies and system IDs to restrict malicious bonus hunting and downloads.
Application Scenarios
- Scenario 1: To steal extra bonus (such as goods in promotions or downloads), a malicious actor may use the same account to send requests to a website by changing IP addresses or terminals.
Protective measures: Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Scenario 2: To steal extra bonus (such as goods in promotions or downloads), a malicious actor may use multiple accounts to send requests to a website through the same PC by frequently changing its IP address.
Protective measures: Using a System ID to Configure a Path-based CC Attack Protection Rule
Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Log in to the management console.
- Click
in the upper left corner of the page and choose .
- In the navigation pane on the left, choose Website Settings page is displayed. . The
- In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled (
) and click Customize Rule.
Figure 1 CC Attack Protection configuration area - In the upper left corner of the CC Attack Protection page, click Add Rule. Use service cookies to configure the CC attack rate limit mode based on paths. Enter the service cookie or user ID. For details, see Figure 2.
- Click Confirm.
Using a System ID to Configure a Path-based CC Attack Protection Rule
- Log in to the management console.
- In the navigation pane on the left, choose Website Settings page is displayed. . The
- In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled (
) and click Customize Rule.
Figure 3 CC Attack Protection configuration area - In the upper left corner of the CC Attack Protection page, click Add Rule. Configure a CC attack protection rule using system ID like HWSESID to limit traffic to the path. Figure 4 shows an example rule.
- Click Confirm.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot