How to protect the website CC? Among the types of attacks encountered in website business, in addition to DDOS attacks, CC attacks are more common. CC attacks are mainly used to attack pages. The attacker uses a proxy server to generate request commands and send them to the victim. Host. Consume the resources of the victim's host in the form of masquerading as a normal request, so that the host's resources will crash and shut down after being exhausted.
CDN can achieve some basic security protection capabilities including CC protection, but in the face of more complex network attacks, the combination of CDN and cloud security capabilities, through some simple additional configurations, can better resist external attacks and ensure business Safe and stable.
1. CDN combines with WAF to filter malicious requests layer by layer
The strategy of web protection is to resist malicious requests through layered filtering. The first layer is precise access control, which refers to the specific interception strategy for http requests; the second layer is regional bans, which intercept requests for invalid areas or abnormal regions; the third layer is the IP reputation system, which uses the Internet accumulated by Alibaba Cloud for many years IP big data portrait, classify malicious behavior and intercept IP; the fourth layer is a blacklist system, which intercepts certain UAs or IPs, and the above four layers are all accurate interception.
2. Identify Internet Bot traffic based on machine traffic management and block malicious crawlers
In addition, the fifth layer is frequency control, which intercepts relatively high frequency and abnormal access IP; the sixth layer is to manage Internet machine traffic to block malicious crawlers; the seventh and eighth layers are WAF and origin site advanced protection, for The source station carries out deeper protection. It can be seen that in combination with CDN and cloud security capabilities, CC protection is better.
3. Combined with CDN to achieve DDoS cleaning
CDN provides enterprises with marginal application layer DDoS, that is, CC protection capabilities, which can be monitored through multiple dimensions such as IP, Header parameters, URL parameters, etc., and can be counted through the number of times, status codes, and request methods, and finally malicious Safe interception of access effectively guarantees access to normal business volume.
In the face of DDoS attacks at the network layer, CDN products and DDoS products can be linked. In the distribution scenario, they can be distributed through CDN. When a DDoS attack occurs, the attack area can be detected and the attack can be effectively dispatched to the DDoS for protection and cleaning. Effectively protect the source station.
Through the linkage scheme, mass DDoS cleaning can be effectively used, and floods such as SYN, ACK, ICMP, UDP, NTP, SSDP, DNS, and HTTP can be perfectly protected. At the same time, based on computing power and deep learning algorithms, intelligently predict DDoS attacks and smoothly switch high-defense IP without affecting business operations.
Recently, the high defense CDN team found that some domain names had abnormal business access, which caused bandwidth bursts, generated high bills, and brought customers accounts that were higher than the daily consumption amount. In order to protect the rights and interests of customers to the greatest extent. High-defense CDN recommends that you pay attention to the following countermeasures: (1) In order to ensure the normal operation of the service and avoid the appearance of high bills, it is recommended to turn on the protection function or manage the traffic accordingly; (2) If your business is potentially vulnerable Attack risks, it is recommended to open SCDN products, SCDN products have a stronger overall security protection capabilities.
In summary, based on the understanding of CC protection, the security architecture of the high-defense CDN is based on the edge security protection mechanism implemented by the CDN distributed nodes, and the high-defense cleaning center is also linked for protection.
This article is from: https://www.zhuanqq.com/News/Industry/273.html