Enable tamper protection - Defense| Alibaba Cloud Documentation Center

The Basic Anti-Virus, Advanced, and Enterprise editions of Security Center provide the tamper protection feature to protect your websites.

Prerequisites

Before you use tamper protection, make sure that your account has sufficient licenses. On the Tamper Protection page of the Security Center console, you can view the total licenses, used licenses, and license expiration date in the upper-right corner.

Note

The Basic edition of Security Center does not support tamper protection. To use tamper protection, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition.
One license allows you to enable tamper protection for one server. For more information about limits on directories and files that can be protected, see Limits.
Make sure that you use the licenses before the expiration date. A license becomes invalid after it expires. Invalid licenses cannot be refunded.
You can purchase additional tamper protection licenses as needed. For more information, see Purchase more licenses.

Background information

After you purchase sufficient tamper protection licenses, you can enable tamper protection for servers and directories as needed.
Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

Note For more information about how to turn on the Protection switch, see Enable protection.

Limits

For each server, you can enable tamper protection for a maximum of 10 protected directories.
Windows operating systems: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 2,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
Linux operating systems: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 3,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
Before you enable tamper protection for a directory, make sure that the directory level, number of folders, and directory size meet the preceding requirements.
We recommend that you exclude file formats that do not require protection, such as .log, .png, .jpg, .mp4, .avi, and .mp3. Separate multiple file formats with semicolons (;).
If no license is available, you cannot enable tamper protection for a server. If a server does not require protection, you can turn off the Protection switch. After tamper protection is disabled for the server, the license consumed by this server is released. You can enable tamper protection for another server.

Procedure

Log on to the Security Center console.
In the left-side navigation pane, choose Defense > Tamper Protection.
On the Tamper Protection page, click the Management tab.
On the Tamper Protection page, click Add Server to enable tamper protection for a target server.
On the Add Servers for Protection page that appears, select a target server that needs to be protected.

Note If no license is available, you cannot enable tamper protection for a server. If a server does not require protection, you can turn off the Protection switch. After tamper protection is disabled for the server, the license consumed by this server is released. You can use the released license to enable tamper protection for another server.
Click Next to go to the Add Directory tab.

On the Add Directory tab, set the following parameters: Add a directory

Select the protection mode. You can select the Whitelist Mode or Blacklist Mode. In whitelist mode, tamper protection is enabled for the specified directories and file formats. In blacklist mode, tamper protection is enabled for the sub-directories, file formats, and files that are not specified. By default, the whitelist mode is selected.

In whitelist mode, set the following parameters:


Parameter	Description
Protected Directory	Enter the path of the directory to be protected. Note Servers that run Linux and Windows operating systems use different path formats. Enter the correct directory path based on your operating system type.
Protected File Formats	Select target file formats from the drop-down list, such as .js, .html, .xml, .jpg.
Local Backup Directory	Displays the default path where backup files of the protected directories are stored. By default, Security Center respectively assigns /usr/local/aegis/bak and C:\Program Files (x86)\Alibaba\Aegis\bak as the backup path for servers that run Linux and Windows operating systems. You can change the default path as needed.

In blacklist mode, set the following parameters:


Parameter	Description
Protected Directory	Enter the path of the directory to be protected.
Excluded Sub-Directories	Enter the path of the sub-directory that does not require tamper protection. You can click Add Sub-Directory to add multiple sub-directories. The files under the excluded sub-directories are not protected by Security Center.
Excluded File Formats	Select the formats of files that do not require tamper protection. You can select from log, txt, and ldb. The specified formats of files are not protected by Security Center.
Excluded Files	Enter the path of the file that does not require tamper protection. You can click Add File to add multiple files. The specified files are not protected by Security Center.
Local Backup Directory	Displays the default path where backup files of the protected directories are stored. By default, Security Center respectively assigns /usr/local/aegis/bak and C:\Program Files (x86)\Alibaba\Aegis\bak as the backup path for servers that run Linux and Windows operating systems. You can change the default path as needed.

Click Enable Protection.
After you enable tamper protection for a server, it is displayed in the server list on the Tamper Protection page.

Note By default, tamper protection is Disabled for newly added servers. To enable tamper protection, you must turn on the switch on the Tamper Protection page for the target server.
In the server list of the Tamper Protection page, turn on the Protection switch to enable tamper protection for the target server.

Note By default, tamper protection is Disabled for newly added servers. To enable tamper protection, you must turn on the switch on the Tamper Protection page for the target server.

If this is your first time enabling tamper protection for a server, the protection state changes to Initializing and a progress bar appears. It may take a few seconds to enable tamper protection. After tamper protection is enabled, the protection state changes to Running.

Note If the protection state of a server is Exception, place the pointer over Exception in the Protection column. A message that indicates the causes appears. Click Retry in the message. For more information, see Handle protection service exceptions.

Related operations

After you enable tamper protection for a server, you can go to the Alerts page, and select Webpage Tampering from the alert types to view the alerts generated upon tampering events. Handle alerts

Note

Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

Protection states


Protection state	Description	Suggestion
Initializing	Tamper protection is being initialized.	If this is your first time enabling tamper protection for a server, the protection state changes to Initializing. It may take a few seconds to enable tamper protection.
Running	Tamper protection is enabled and running as expected.	None
Exception	The protection status is abnormal because an error occurred.	Place the pointer over the Exception state, view the causes, and then click Retry.
Not Initiated	Tamper protection is disabled.	To enable tamper protection for a server, you must turn on the protection switch.