Updated on 2024-04-15 GMT+08:00

Managing Remote Backup Servers

By default, HSS backs up the files from the protected directories (excluding specified subdirectories and file types) to the local backup directory you specified when adding protected directories. To protect the local backup files from tampering, you must enable the remote backup function.

If a file directory or backup directory on the local server becomes invalid, you can use the remote backup service to restore the tampered web page.

Constraints

Only the servers that are protected by the HSS WTP edition support the operations described in this section.

Prerequisites

The following servers can be used as remote backup servers:

Linux servers whose Server Status is Running and Agent Status is Online

  • The remote backup function can be used when the Linux backup server is connected to your cloud server. To ensure a proper backup, you are advised to select a backup server on the same intranet as your cloud server.
  • You are advised to use intranet servers least exposed to attacks as the remote backup servers.

Adding a Remote Backup Server

  1. Log in to the management console.
  2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
  3. Choose Prevention > Web Tamper Protection, click Configure Protection.
  4. Click Settings under Protected Directory Settings.
  5. Click Manage Remote Backup. In the dialog box that is displayed, click Add Backup Server. For details, see Table 1.

    Table 1 Backup server parameters

    Parameter

    Description

    Address

    This address is the private network address of the server.

    Port

    Ensure that the port is not blocked by any security group or firewall or occupied.

    Backup Path

    Path of remote backup files.

    • If the protected directories of multiple servers are backed up to the same remote backup server, the data will be stored in separate folders named after agent IDs.

      Assume the protected directories of the two servers are /hss01 and hss02, and the agent IDs of the two servers are f1fdbabc-6cdc-43af-acab-e4e6f086625f and f2ddbabc-6cdc-43af-abcd-e4e6f086626f, and the remote backup path is /hss01.

      The corresponding backup paths are /hss01/f1fdbabc-6cdc-43af-acab-e4e6f086625f and /hss01/f2ddbabc-6cdc-43af-abcd-e4e6f086626f.

    • If WTP is enabled for the remote backup server, do not set the remote backup path to any directories protected by WTP. Otherwise, remote backup will fail.

  6. Click OK.

Enabling remote backup

  1. Log in to the management console.
  2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
  3. Choose Prevention > Web Tamper Protection, click Configure Protection.
  4. Click Settings under Protected Directory Settings.
  5. Click Enable Remote Backup and select a remote backup server.
  6. Click OK to start remote backup.

Follow-Up Procedure

Disabling remote backup

Exercise caution when performing this operation. If remote backup is disabled, HSS will no longer back up files in your protected directories.