You can efficiently and comprehensively protect against layer 4 CC attacks such as masquerading and replay attacks by accessing watermark protection. By sharing the watermark algorithm and key between the business side and the Aegis protection system, watermark protection embeds a watermark in every message sent by the client. As the attack messages have no watermark, the protection system can easily identify and discard them. For more information on the configuration, see Custom Advanced Security Policy.
How to Enable
- Enable watermarking in the "Business Domain Name List"
Go to the Aegis Anti-DDoS Console, click Business Domain Name List* in the left pane, and click **Enable watermark.
- Copy the key
a. After watermarking is successfully enabled, select "Copy the key" in the "Enabled successfully" pop-up and click Add Protection Policy.
b. Go to the "Add Protection Policy" page and select "Protected IP".
c. Add the TCP protection port, UDP protection port and allowlist and then click Confirm to add.
- Offline configuration
In the "Enabled successfully" pop-up, click Client connection file to download the file for connecting the client and the server.
- Enable the policy
a. After the policy is created successfully, under Watermark Protection, click Add Policy to modify it and then click Enable policy.
b. Wait a few seconds before the protection status is changed to "protection active", and watermarking is successfully enabled.