WTP Overview
What Is Web Tamper Protection?
If your websites and applications have vulnerabilities, attackers can exploit them to obtain permissions, tamper with web pages, or plant hidden links on websites to spread malicious information. This may lead to information leakage, website interruption, economic loss, damage to brand image, and even lawsuits.
Web Tamper Protection (WTP) uses technologies to prevent tampering and protect website integrity.
HSS WTP can detect and prevent tampering with files in specified directories, including web pages, documents, and images, and quickly restore them using valid backup files.
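The detect-and-restore idea described above, as an added example (not HSS code, and not a description of how HSS implements it). It assumes a trusted backup copy of the protected directory and compares SHA-256 digests; the function names, directory names, and sample files are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each regular file (relative path) under root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}


def detect_tampering(protected: Path, backup: Path) -> dict:
    """Compare the protected directory with the trusted backup copy."""
    good, live = snapshot(backup), snapshot(protected)
    return {
        "modified": sorted(f for f in good if f in live and live[f] != good[f]),
        "deleted": sorted(f for f in good if f not in live),
        # Files with no backup counterpart, e.g. an injected page of hidden links.
        "added": sorted(f for f in live if f not in good),
    }


def restore(protected: Path, backup: Path, findings: dict) -> int:
    """Copy modified/deleted files back from backup; move added files aside."""
    quarantine = protected.parent / (protected.name + ".quarantine")
    for rel in findings["modified"] + findings["deleted"]:
        dest = protected / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, dest)
    for rel in findings["added"]:
        held = quarantine / rel  # kept for investigation instead of deleted
        held.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(protected / rel), str(held))
    return sum(len(v) for v in findings.values())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample site
        site, bak = Path(tmp, "www"), Path(tmp, "backup")
        bak.mkdir()
        (bak / "index.html").write_text("<h1>Welcome</h1>")
        shutil.copytree(bak, site)
        (site / "index.html").write_text("<h1>Welcome</h1><a hidden href='#'>x</a>")
        found = detect_tampering(site, bak)
        print(found, "restored:", restore(site, bak, found))
```

The comparison is only as trustworthy as the backup it reads, which is why a backup stored away from the web server matters if the local copy can also be altered.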
How WTP Prevents Web Page Tampering
WTP supports static and dynamic web page protection. The table "How WTP works" shows the protection mechanism for each type.
Protection Type | Mechanism |
---|---|
Static web page protection | |
Dynamic web page protection | The Huawei-proprietary RASP can detect application program behaviors, prevent attackers from tampering with web pages through application programs, and provide self-protection in Tomcat application runtime. |
Scenarios
WTP can protect sensitive website data in diverse scenarios, for example:
- Government institutions release important policy information, laws, and regulations on websites.
- Financial websites provide information and services of banks, securities companies, and other financial institutions.
- E-commerce platforms release product information, prices, and promotional activities.
- News websites release news.
- Companies and institutions put their overview, product introduction, and service information on websites.
WTP protects websites from being tampered with, ensuring information correctness and integrity.
Constraints
- Web tamper protection is available only in the HSS WTP edition. For details about how to purchase HSS and enable the WTP edition, see Purchasing an HSS Quota and Enabling Web Tamper Protection.
- Currently, dynamic WTP can only protect Tomcat applications that use JDK 8, JDK 11, or JDK 17.
- After WTP is enabled, the files and folders in the protected directory are set to read-only to prevent unauthorized modification. You can configure privileged processes to modify them. The privileged process function is available on Linux and Windows; on Linux, it requires kernel version 5.10 or later.
Process of Using WTP

Operation | Description |
---|---|
 | Enable the WTP edition to enjoy the web tamper protection provided by HSS. For details, see Features. When enabling WTP, select servers and configure protection policies (protected directories, scheduled protection, privileged processes, and dynamic WTP). |
(Optional) Configuring Remote Backup | By default, for Linux servers, HSS backs up the files in the protected directories to the local backup paths you specified. For stronger security, you can configure remote backup, so that your data can still be restored even if the local backup is damaged. |
 | Tamper events that occur during web tamper protection are recorded and displayed in the event list. |
Related Operations
After WTP is enabled, files and folders in the protected directory will be set to read-only and cannot be modified. To update a web page, you can:
- Configure privileged processes
You can configure privileged processes to modify files in protected directories. For details, see Modifying WTP Configuration.
- Configure scheduled protection
You can configure an unprotected period. In this period, static web page protection is automatically disabled and you can update web pages. For details, see Modifying WTP Configuration.
- Manually enable or disable protection on directories
You can disable protection for protected directories, update web pages, and enable protection again. For details, see Manually Enabling or Disabling Directory Protection.