Configure CC protection level

Last updated: 2020-02-17 10:23:53

PDF

Protection instructions

In order to improve the effectiveness of protection and reduce the risk of incorrect Block protection, DDoS High Defense IP service has designed three protection levels for users to choose from against CC attacks. The normal level is provided by default.

  • ** Loose level: ** This level can be used when there is no obvious Traffic anomaly on the protected website. At the same time, this level carries on the relatively loose man-machine identification algorithm verification for all requests of the protected website, that is, it is verified for each visitor, and visitors are allowed to Access website only after passing Verification. As the CC protection policy under this level is relatively loose, there may be a small risk of abnormal requests for pass through.
  • ** Normal level: ** This level is the default CC protection level, which is recommended when a protected website is found to have been attacked by CC. Compared with the loose level, the normal level of CC protection can cover most attack scenarios and can defend against most CC attacks. At the same time, this level will verify the man-machine identification algorithm for all requests for protected websites, that is, for each visitor, and visitors will not allow Access's website until they pass Verification.
  • ** Strict level: ** At this level, the protection strategy of CC attacks is relatively strict, which can protect against more complex CC attacks. At the same time, this level will implement strict man-machine identification algorithm verification for all Access requests, that is, it will be verified for each visitor, and the Access website will be allowed only after Verification has been passed. Due to the strict verification mechanism of this pattern, some normal requests are at risk of being mistaken by Block.
- the protection algorithms used in the above three CC protection levels are only applicable to web pages or H5 page sites.
- if the business of the visited website is API or native App application, there is a great risk of misinterception because this kind of business cannot normally respond to algorithm verification.
- if you have CC protection requirements for API business or native App business, please [submit a ticket](https://console.cloud.tencent.com/workorder/category) to customize the protection policy.

Operation step

By default, the domain name of the website protected by the user's DDoS High Defense IP instance adopts the normal level of CC protection policy, and the user is free to adjust the protection mode according to the actual situation.

  1. Login DDoS Protection console In Left sidebar, select * * DDoS High Defense IP * *-> * * Defense configuration * *, and on the defense policy page, click * * CC Defense * *.
  2. On the CC protection page, navigate to the HTTP CC protection and HTTPS CC protection areas at the bottom of the page, select the domain name that needs to be enabled for CC protection under Protocol, and set the CC protection level.
- the CC protection level policy only takes effect on domain names that are configured for website business (layer 7 access).
- if you have not connected the domain name of the website to be configured to the high defense IP instance, please refer to [access website Business](https://intl.cloud.tencent.com/document/product/297/34102) adds the domain name to the purchased high defense IP instance.

For more information, please refer to Manage CC protection policies .