Automatic L7 CC Protection

1. Introduction

A CC (Challenge Collapsar) attack is a type of Distributed Denial-of-Service (DDoS) attack that floods a website or online service with legitimate-looking requests, aiming to exceed its capacity to handle requests and prevent legitimate users from accessing the service.

To counter this threat, Asians Cloud Content Delivery Network (CDN) features a security mechanism: Automatic CC Protection.

This feature automatically detects and blocks CC attacks, protecting the Customer's domains.

2. How Does It Work?

  1. The Automatic CC Protection feature automatically identifies the presence of a CC attack. The detection logic is described in section 4.

  2. Upon detecting a CC attack, the system blocks the IP addresses responsible for the attack.

  3. The IP addresses identified as sources of the CC attack will be blocked for a predetermined duration, which can be set by the customer in the Asians Cloud CDN’s Security settings.

3. How To Use?

  1. Access the Asians Cloud CDN Console.

  2. Select the domain on which to apply the automatic protection. Choose the "Edit" option.

  3. In the pop-up window that appears, switch to the "Advanced Configuration" tab (see point 1).

  4. Select "L7 Ban" from the left-hand side (see point 2).

  5. Toggle the switch to the "On" state, and enter the desired duration for which to block the attackers (see points 3 and 4).

  6. Click on the "Save" button to apply the setting (see point 5).

4. How Does It Detect a CC Attack?

  1. The CDN's system continuously monitors the access statistics every 5 minutes.

  2. It counts all the page views on the domain from various IPs.

  3. If the web page requests are more than 220,000 in the previous 5 minutes, then it is classified as an attack, and the top two attackers' IP addresses (those sending the maximum number of requests) are banned.

Note: It only blocks the top 2 IPs to prevent false bans.

5. How Does It Block a CC Attack?

Once an attack has been detected, the CDN system blocks the attacking IPs in the protection layer. An IP that has been blocked by the CC protection receives an HTTP 406 response with the message "Your IP address is not allowed".
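The detection and ban rules from sections 4 and 5 can be modelled as follows. This is an added example, not Asians Cloud code: it assumes the 220,000 threshold applies to the domain-wide total per non-overlapping 5-minute window, that an unbanned request gets a 200, and the function names, ban duration and sample IPs (documentation ranges) are constructed for illustration.

```python
from collections import Counter

WINDOW_SECONDS = 5 * 60      # statistics interval (section 4)
ATTACK_THRESHOLD = 220_000   # page views per window (section 4)
TOP_N = 2                    # only the two busiest IPs are banned

def detect_window(requests, window_start):
    """Return the IPs to ban for one 5-minute window, or [] if no attack.

    requests: iterable of (unix_timestamp, client_ip) tuples.
    """
    window_end = window_start + WINDOW_SECONDS
    per_ip = Counter(ip for ts, ip in requests if window_start <= ts < window_end)
    if sum(per_ip.values()) <= ATTACK_THRESHOLD:   # must be "more than" 220,000
        return []
    return [ip for ip, _ in per_ip.most_common(TOP_N)]

class BanList:
    """Holds banned IPs until the customer-configured duration expires."""
    def __init__(self, ban_seconds):
        self.ban_seconds = ban_seconds
        self.expires = {}          # ip -> unix time at which the ban ends

    def ban(self, ips, now):
        for ip in ips:
            self.expires[ip] = now + self.ban_seconds

    def status_for(self, ip, now):
        """HTTP status for a request: 406 while banned, else 200 (assumed)."""
        if self.expires.get(ip, 0) > now:
            return 406
        self.expires.pop(ip, None)  # drop expired entries lazily
        return 200

def constructed_traffic(t0):
    """Constructed sample: two heavy sources plus 250 ordinary clients."""
    reqs = [(t0 + i % WINDOW_SECONDS, "203.0.113.10") for i in range(150_000)]
    reqs += [(t0 + i % WINDOW_SECONDS, "203.0.113.20") for i in range(60_000)]
    reqs += [(t0 + i % WINDOW_SECONDS, f"198.51.100.{i % 250}") for i in range(20_000)]
    return reqs

if __name__ == "__main__":
    t0 = 1_700_000_000
    offenders = detect_window(constructed_traffic(t0), t0)
    bans = BanList(ban_seconds=600)   # hypothetical 10-minute ban duration
    bans.ban(offenders, now=t0 + WINDOW_SECONDS)
    print(offenders, bans.status_for(offenders[0], t0 + WINDOW_SECONDS + 1))
```

Running the same counting over origin access logs shows which two IPs a given window would ban, which helps when checking whether a shared NAT or proxy address is likely to be caught.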

6. What If a Legitimate IP Gets Blocked?

If by chance a legitimate IP gets blocked, the following steps can be taken to whitelist it:

  1. Access the Asians Cloud CDN Console.

  2. Select the domain on which to whitelist the IP. Choose the "Edit" option.

  3. Select "IP Restriction" from the left-hand side (see point 2).

  4. Toggle the switch to the "On" state if not already enabled (see point 3).

  5. Add the legitimate IP address in the text box under the "Allow" section (see point 4).

  6. Click on the "Add" button (see point 5).

  7. Click on the "Save" button to apply the setting (see point 6).

Note: To whitelist one or more legitimate IPs across multiple domains, please reach out to Asians Cloud customer support to include the IPs in the account-wide (CNAME level) whitelist.
