LogoLogo
Asians Group
  • Get Started
    • How Asians Cloud CDN works
    • How Asians Cloud CDN delivers content
  • Domains
    • Adding domains
    • Deactivate / Delete Domain
    • Restoring Domain
    • Wildcard Domain
    • Add Wildcard Domain
    • Diagnose
  • Batch Operation
    • Batch Import
    • Batch modify “Basic Configuration”
  • SSL Certificate
    • Configure SSL Certificate
    • Upload SSL Certificate
    • Download SSL Certificate
    • Generate Certificate in Batch
    • Enabling Mandatory HTTPS in Batch
    • Disabling Mandatory HTTPS in Batch
  • Cache
    • Automatic Cache
    • Cache Bypass
    • No Cache
    • Clearing cache
    • Clearing cache in batch
    • Configure cache in batch
    • Cache Status
  • Defense
    • Enable JS Test
    • Rate limiting
    • Geographical area access - Whitelist
    • Geographical area access - Deny list
    • Configure IP Allowed list
    • Configure IP Deny list
    • Custom Error page
    • Sec Link
    • Automatic L7 CC Protection
  • DNS
    • Configure DNS
    • Configure DNS - Cloudflare
      • Create DNS Record
      • Edit DNS Record
      • Delete DNS Record
  • Network Traffic Log
    • Download Network Traffic Log
  • Account information - (Change password) or FAQ
Powered by GitBook
On this page
  • 1. Introduction
  • 2. How Does It Work?
  • 3. How To Use?
  • 4. How It Detects the CC Attack?
  • 5. How It Blocks the CC Attack?
  • 6. What If Legitimate IP gets blocked?

Was this helpful?

  1. Defense

Automatic L7 CC Protection

PreviousSec LinkNextDNS

Last updated 1 year ago

Was this helpful?

1. Introduction

CC Attack (Challenge Collapsar) is a type of Distributed Denial-of-Service (DDoS) attack that aims to overwhelm a website or online service with a flood of legitimate-looking requests in an attempt to exceed the website's capacity to handle multiple requests and prevent legitimate users from accessing the service.

To counter this threat, Asians Cloud Content Delivery Network (CDN) features a security mechanism: Automatic CC Protection.

This feature enables the automatic detection and blockade of CC attacks, protecting the Customer's domains.

2. How Does It Work?

  1. The Automatic CC Protection feature has the capability to automatically identify the presence of a CC attack. The detailed working is described in section 4.

  2. Upon detecting a CC attack, the system blocks the IP addresses responsible for the attack.

  3. The IP addresses identified as sources of the CC attack will be blocked for a predetermined duration, which can be set by the customer in the Asians Cloud CDN’s Security settings.

3. How To Use?

  1. Access the Asians Cloud CDN Console.

  2. Select the domain on which to apply the automatic protection. Choose the "Edit" option.

  1. In the pop-up window that appears, switch to the "Advanced Configuration" tab. (see point 1)

  2. Select "L7 Ban" from the left-hand side (see point 2)

  3. Toggle the switch to "On" state, and enter the desired duration for which to block the attackers (see point 3, 4).

  4. Click on the "Save" button to apply the setting (see point 5).

4. How It Detects the CC Attack?

  1. The CDN's system continuously monitors the access statistics every 5 minutes

  2. It counts all the page views on the domain from various IPs

  3. If the web page requests are more than 220,000 in the previous 5 minutes, then it is classified as an attack, and top two attackers' IP addresses (sending the maximum number of requests) are banned.

Note: It only blocks the top 2 IPs to prevent false bans.

5. How It Blocks the CC Attack?

Once the attack has been detected, the CDN system blocks the attacking IPs in the protection layer. When an IP has been blocked by the CC protection, they will get a HTTP 406 response, and they will see a message "Your IP address is not allowed"

6. What If Legitimate IP gets blocked?

If by chance a legitimate IP gets blocked, the following steps can be taken to whitelist it:

  1. Access the Asians Cloud CDN Console.

  2. Select the domain on which to whitelist the IP. Choose the "Edit" option.

  1. Select "IP Restriction" from the left-hand side (see point 2)

  2. Toggle the switch to "On" state if not already enabled (see point 3)

  3. Add the legitimate IP address in the text box under the "Allow" section (see point 4)

  4. Click on "Add" button (see point 5)

  5. Click on the "Save" button to apply the setting (see point 6)

Note: For whitelisting one or more legitimate IP in multiple domains, please reach out to Asians Cloud customer support to include the IPs in the account-wide (CNAME level) whitelist.

Click the Edit option
In this example configuration shown above, the CC attackers will be banned for 1 hour (3600 seconds).
Click the Edit option
The IP restriction dialog