Enabling Application Protection

Technical Principles

Probes (monitoring and protection code) are added to the checkpoints (key functions) of applications through dynamic code injection. The probes identify attacks based on predefined rules, data passing through the checkpoints, and contexts (application logic, configurations, data, and event flows).

Prerequisites

You have enabled HSS premium, WTP, or container edition.

Constraints

• Currently, only Linux servers are supported.
• So far, only Java applications can be protected.
• The premium, WTP, and container editions support operations related to application protection.

Procedure

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
3. Choose Prevention > Application Protection. Click the Protected Servers tab.
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

   Figure 1 Viewing protection settings
   

4. Click Add Server. Select servers in the dialog box that is displayed.
   

   You can select a default security policy or create a security policy.

   Figure 2 Selecting the target server and policy
   

5. Click Add and Enable Protection.
6. On the Protected Servers tab, click the status in the RASP Protection column.
   Figure 3 Viewing the progress of enabling protection
   

7. Check the RASP software installation progress. Wait until the message "Installation completed." is displayed.
   Figure 4 Installation completed
   

8. Log in to the server, go to the Spring Boot startup path, and copy the parameters from the Configure Startup Parameters step to the command box.
   Figure 5 Configuring startup parameters
   

9. Restart the microservice to apply the protection settings.
10. On the Protected Servers tab, check the protection status in the Microservice Protection column. If the status is Active, the protection has been enabled.