Help Center/
Edge Security/
Best Practices/
CC Attack Protection/
Preventing Bonus Hunting by Configuring Service Cookies and System IDs
Updated on 2024-10-31 GMT+08:00
Preventing Bonus Hunting by Configuring Service Cookies and System IDs
This topic introduces how to configure service cookies and system IDs to restrict malicious bonus hunting and downloads.
Application Scenarios
- Scenario 1: To steal extra bonus (such as goods in promotions or downloads), a malicious actor may use the same account to send requests to a website by changing IP addresses or terminals.
Protective measures: Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Scenario 2: To steal extra bonus (such as goods in promotions or downloads), a malicious actor may use multiple accounts to send requests to a website through the same PC by frequently changing its IP address.
Protective measures: Using a System ID to Configure a Path-based CC Attack Protection Rule
Using Cookies (or User IDs) to Configure a Path-based CC Attack Protection Rule
- Log in to the management console.
- Click
in the upper left corner of the page and choose . - In the navigation pane on the left, choose Website Setting under Edge Security.
- In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled (
) and click Customize Rule.
Figure 1 CC Attack Protection configuration area
- In the upper left corner of the CC Attack Protection page, click Add Rule. In the displayed dialog box, specify the path to be protected, configure Rate Limit Mode with service cookies (or user ID), and complete other settings based on your service needs. Figure 2 shows an example rule.
- User Identifier: Enter the service cookie or user ID.
- Click Confirm.
Using a System ID to Configure a Path-based CC Attack Protection Rule
- Log in to the management console.
- In the navigation pane on the left, choose Website Setting under Edge Security.
- In the Policy column of the row containing the target domain name, click the number of enabled protection rules. On the page displayed, confirm that the status of CC attack protection is enabled () and click Customize Rule.
Figure 3 CC Attack Protection configuration area
- In the upper left corner of the CC Attack Protection page, click Add Rule. Configure a CC attack protection rule using system ID like HWSESID to limit traffic to the path. Figure 4 shows an example rule.
- User Identifier: Enter the system ID as the cookie.
- Click Confirm.
Parent topic: CC Attack Protection
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
