Updated on 2024-12-24 GMT+08:00

Setting a Traffic Handling Policy Based on Fingerprint Features

You can configure a fingerprint filtering rule to match the content of a specified location in a data packet.

You can set actions for matched traffic, such as discarding, allowing, and rate limiting.

Enabling Fingerprint Filtering

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Protection Policies. The Protection Policies page is displayed.
  4. Click Create Protection Policy.
  5. In the displayed dialog box, set the policy name, select an instance, and click OK.

    Figure 1 Creating a policy

  6. In the row containing the target policy, click Set Protection Policy in the Operation column.
  7. In the Fingerprint Filtering configuration area, click Set.

    Figure 2 Fingerprint filtering configuration box

  8. In the displayed Fingerprint Filtering Settings dialog box, click Create Fingerprint.
  9. In the displayed dialog box, set fingerprint parameters.

    Figure 3 Creating a fingerprint
    Table 1 Fingerprint parameters

    | Parameter | Description |
    |---|---|
    | Fingerprint Name | Enter the fingerprint rule name. |
    | Protocol | Set the fingerprint protocol. The value can be UDP or TCP. |
    | Source Port | Range of the fingerprint source port. |
    | Destination Port | Range of the fingerprint destination port. |
    | Packet Length Filtering | Length of the traffic packet to be filtered out. |
    | Packet Payload Characteristics | • Test Load: Set the hexadecimal value of the detection payload. • Offset: Set the offset of the fingerprint. For instance, if the test load is 1234afee and the offset is 20, and the content from the 21st to 32nd bytes of the data area matches 1234afee, the packet is considered to match the fingerprint. |
    | Action | Set the response action for matched traffic. • Allow: Allow traffic through. • Discard: Discard traffic. • Rate limiting (source): Requests from a specific source are limited. For example, if traffic from an IP address (or user) exceeds the rate limit you configured in this rule, CNAD will limit the traffic rate. • Allow & whitelist: Allow the traffic and add the fingerprint feature to the whitelist. • Discard & blacklist: Discard the traffic and add the fingerprint feature to the blacklist. • Rate Limit: Limits the traffic access rate. |

  10. Click OK.
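Before choosing Discard for a fingerprint, it helps to dry-run the rule against captured payloads and see which wanted packets it would hit and which attack packets it would miss. The sketch below is an added example, not CNAD's own code. It assumes that the offset counts bytes from the start of the data area (offset 20 starts at the 21st byte), that the comparison covers exactly the decoded test-load bytes, and that the packet length is an inclusive range over the payload length; the port 9000 and all sample packets are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fingerprint:
    protocol: str       # "UDP" or "TCP" (Table 1)
    src_ports: range    # assumption: inclusive range, built as range(lo, hi + 1)
    dst_ports: range
    lengths: range      # assumption: allowed payload length in bytes
    test_load: str      # hex string, e.g. "1234afee"
    offset: int         # assumption: bytes skipped from the start of the data area
    action: str         # e.g. "Discard"

def payload_matches(fp: Fingerprint, payload: bytes) -> bool:
    pattern = bytes.fromhex(fp.test_load)
    end = fp.offset + len(pattern)
    # An empty pattern, or a payload too short to hold it, never matches.
    if not pattern or end > len(payload):
        return False
    return payload[fp.offset:end] == pattern

def matches(fp: Fingerprint, protocol: str, sport: int, dport: int, payload: bytes) -> bool:
    return (protocol.upper() == fp.protocol
            and sport in fp.src_ports and dport in fp.dst_ports
            and len(payload) in fp.lengths
            and payload_matches(fp, payload))

def dry_run(fp: Fingerprint, samples: list) -> tuple:
    """Return (wanted packets the rule would hit, attack packets it would miss)."""
    false_hits = [s["label"] for s in samples if s["wanted"] and matches(fp, *s["pkt"])]
    missed = [s["label"] for s in samples if not s["wanted"] and not matches(fp, *s["pkt"])]
    return false_hits, missed

# Constructed rule using the page's example values (test load 1234afee, offset 20).
RULE = Fingerprint("UDP", range(1, 65536), range(9000, 9001), range(24, 513),
                   "1234afee", 20, "Discard")

MARK = bytes.fromhex("1234afee")
# Constructed samples: pkt = (protocol, source port, destination port, payload).
SAMPLES = [
    {"label": "flood-a", "wanted": False, "pkt": ("udp", 40000, 9000, bytes(20) + MARK + b"xx")},
    {"label": "flood-shifted", "wanted": False, "pkt": ("udp", 40001, 9000, bytes(19) + MARK + b"xxx")},
    {"label": "legit-plain", "wanted": True, "pkt": ("udp", 51000, 9000, bytes(32))},
    {"label": "legit-short", "wanted": True, "pkt": ("udp", 51001, 9000, bytes(22))},
    {"label": "legit-with-marker", "wanted": True, "pkt": ("udp", 51002, 9000, bytes(20) + MARK)},
]

if __name__ == "__main__":
    print(dry_run(RULE, SAMPLES))
```

A non-empty first list means the fingerprint would also drop wanted traffic, so a narrower port or length range, or a rate-limiting action, is worth considering before Discard or Discard & blacklist.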

Follow-up Procedure

  • Locate the row that contains the target port and click Delete in the Operation column to delete the fingerprint filtering rule.
  • Locate the row that contains the target port and click Edit in the Operation column to modify the fingerprint filtering rule.