Enable tamper protection - Defense| Alibaba Cloud Documentation Center

Security Center Advanced and Enterprise editions provide the tamper protection feature to protect your websites.

Prerequisites

Before you use tamper protection, make sure that your account has sufficient licenses. On the Tamper Protection page in the Security Center console, you can view the total number of licenses, number of consumed licenses, and license expiration date in the upper-right corner. The expiration date of the tamper protection licenses is the same as that of Security Center.

Note

This feature is supported by the Advanced and Enterprise editions. You must upgrade the Basic edition to the Advanced or Enterprise edition before you can use this feature.
One license can be used to protect one server only. If you disable tamper protection for a server, the license is released. For more information about limits on directories and files that can be protected, see Limits.
Make sure that you use the licenses before the expiration date. A license becomes invalid after it expires. Invalid licenses cannot be refunded.
You can purchase more tamper protection licenses as needed. For more information, see Purchase licenses.

Background information

After you purchase sufficient tamper protection licenses, add servers and directories for protection.
Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

Note For more information about how to turn on the Protection switch, see Enable protection.

Limits

For each server, you can add a maximum of 10 directories for protection.
The protected directories of a Windows server must meet the following requirements: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 2,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
The protected directories of a Linux server must meet the following requirements: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 3,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
Before you add a directory for protection, make sure that the directory level, the number of folders, and the directory size meet the preceding requirements.
We recommend that you exclude file formats that do not require protection, such as LOG, PNG, JPG, MP4, AVI, and MP3. Separate multiple file formats with semicolons (;).
You cannot add servers for protection if no license is available. If a server does not require protection, turn off the Protection switch. After protection is disabled for the server, the license used by this server is released, and you can add another server for protection.

Procedure

Log on to the Security Center console.
In the left-side navigation pane, choose Defense > Tamper Protection.
On the Tamper Protection page, click the Management tab.
On the Tamper Protection page, click Add Server to add servers to be protected.
In the Add Servers for Protection page that appears on the right, select the servers that you want to protect.

Note You cannot add servers for protection if no license is available. If a server does not require protection, turn off the Protection switch. After protection is disabled for the server, the license used by this server is released, and you can add another server for protection.
Click Next to go to the Add Directory tab.

On the Add Directory tab, set the following parameters: Add directories

Select the protection mode. You can select Whitelist Mode or Blacklist Mode. The whitelist mode protects the specified directories and files in the specified formats. In the blacklist mode, you can specify the sub-directories, file formats, and files that do not require protection. All the other files in the specified directory are protected. By default, the whitelist mode is selected.

In the whitelist mode, set the following parameters:


Parameter	Description
Protected Directory	Enter the directory that you want to protect. Note The format of a directory varies depending on the server operating system (Linux or Windows). Enter a directory in the correct format.
Protected File Formats	Select file formats from the drop-down list, such as JS, HTML, XML, and JPG.
Local Backup Directory	The default path that is used to back up the protected directory is displayed. Security Center assigns the following default backup directories: /usr/local/aegis/bak for Linux servers and C:\Program Files (x86)\Alibaba\Aegis\bak for Windows servers. You can change the backup directory.

In the blacklist mode, set the following parameters:


Parameter	Description
Protected Directory	Enter the directory that you want to protect.
Excluded Sub-Directories	Enter the sub-directories that do not require tamper protection. You can click Add Sub-Directory to enter more sub-directories. Security Center does not provide tamper protection to files under the excluded sub-directories.
Excluded File Formats	Enter the formats of files that do not require tamper protection. Supported formats include log, txt, and ldb. Security Center does not provide tamper protection to files in the excluded formats.
Excluded Files	Enter the path of the file that does not require tamper protection. You can click Add File to add more files. Security Center does not provide tamper protection to the excluded files.
Local Backup Directory	The default path that is used to back up the protected directory is displayed. Security Center assigns the following default backup directories: /usr/local/aegis/bak for Linux servers and C:\Program Files (x86)\Alibaba\Aegis\bak for Windows servers. You can change the backup directory.

Click Enable Protection.
After you add the server, it is displayed in the server list on the Tamper Protection page.

Note By default, tamper protection is Disabled for newly added servers. You need to turn on the switch on the Tamper Protection page for the target server.
In the server list on the Tamper Protection page, turn on the Protection switch to enable tamper protection for the target server.

Note By default, tamper protection is Disabled for newly added servers. You need to enable tamper protection on the Tamper Protection page for the target server.

If this is your first time enabling tamper protection for a server, the protection status becomes Initializing and a progress bar appears. It takes a few seconds to enable tamper protection, and then the protection status becomes Running.

Note If the protection status of a server becomes Exception, place the pointer over Exception in the Protection column. A message appears indicating the exception cause. Click Retry in the message. For more information, see Handle protection service exceptions.

What to do next

After you enable tamper protection, you can go to the Alerts page, and select Webpage Tampering from the alert type drop-down list to view the alerts generated based on tampering events. Alerts

Note

Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

Handle protection service exceptions


Protection status	Description	Suggestion
Initializing	Web tamper protection is being initialized.	If this is your first time enabling tamper protection for a server, the protection status becomes Initializing. It takes a few seconds to enable tamper protection.
Running	Web tamper protection is enabled.	-
Exception	An error occurred while enabling tamper protection.	Place the pointer over Exception in the Protection column to view the exception cause and click Retry.
Not Initialized	Web tamper protection is disabled.	Turn on the Protection switch to enable tamper protection.