The Basic Anti-Virus, Advanced, and Enterprise editions of Security Center provide the web tamper proofing feature to protect your websites.

Prerequisites

  • If you use the Security Center Basic edition and want to use the web tamper proofing feature, you must upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition.
  • The web tamper proofing feature supports Windows 32-bit, Windows 64-bit, and Linux 64-bit. If you use an operating system that is supported by this feature, the directories, the file sizes, and the number of files that can be protected are not limited. For more information about the supported system and kernel versions, see Versions of operating systems and kernels supported by tamper protection. For an operating system that is not supported by this feature, limits are imposed on the directories and files that can be protected. For more information, see Limits.
  • Before you use the web tamper proofing feature, make sure that you have sufficient licenses under your account. One license allows you to enable this feature for one server. The number of used licenses equals the number of servers for which this feature is enabled. In the upper-right corner of the Tamper Protection page, you can view the total licenses, used licenses, and license expiration date. The expiration date of a web tamper proofing license is the same as that of Security Center. You can purchase additional licenses as needed. For more information, see Purchase licenses.Web tamper proofing licenses
Note Make sure that you use the licenses before they expire. A license becomes invalid after it expires. You cannot request a refund for invalid licenses.

Background information

  • After you purchase sufficient web tamper proofing licenses, you can enable this feature for servers and directories as needed.
  • Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

    Note For more information about how to turn on Protection, see 9.

Limits

  • For each server, you can enable the web tamper proofing feature for a maximum of 10 directories.
  • Limits on the directories that you want to protect in Windows and Linux systems are the same.
    • The maximum size of a directory is 20 GB.
    • The maximum number of folders in a directory is 20,000.
    • The maximum number of directory levels is 20.
    • The maximum size of a file is 20 GB.
  • If no licenses are available, you cannot enable the web tamper proofing feature for a new server. If a server no longer requires this feature, you can turn off Protection to release the license. You can use the released license to enable this feature for a new server.
Note
  • Limits on the directories, the file sizes, and the number of files that can be protected are applicable only to the servers whose operating system and kernel versions are not supported by this feature. For more information about the supported system and kernel versions, see Versions of operating systems and kernels supported by tamper protection.
  • Before you enable the web tamper proofing feature, make sure that the directory level, number of folders, and directory size meet the preceding requirements.
  • We recommend that you exclude file formats that do not require protection, such as LOG, PNG, JPG, MP4, AVI, and MP3. Separate multiple file formats with semicolons (;).

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Tamper Protection.
  3. On the Tamper Protection page, click the Management tab.
  4. On the Management tab, click Add Server to enable the web tamper proofing feature for a server. Enable the feature for a server
  5. In the Add Servers step of the Add Servers for Protection wizard, select a server that you want to protect.Add Servers for Protection
    Note If no licenses are available, you cannot enable the web tamper proofing feature for a new server. If a server no longer requires this feature, you can turn off Protection to release the license. You can use the released license to enable this feature for a new server.
  6. Click Next to go to the Add Directory step.
  7. In the Add Directory step, configure the parameters.Add Directory
    Select a protection mode. You can select Whitelist Mode or Blacklist Mode. In whitelist mode, this feature is enabled for the specified directory and file formats. In blacklist mode, this feature is enabled for the subdirectories, file formats, and files that are not excluded. By default, the whitelist mode is used.
    • Whitelist mode
      Parameter Description
      Protected Directory Enter the path of the directory that you want to protect.
      Note Servers that run Linux and Windows operating systems use different path formats. Enter the correct directory path based on your operating system.
      Protected File Formats Select file formats that you want to protect from the drop-down list, such as js, html, xml, and jpg.
      Local Backup Directory The default path where the backup files of the protected directory are stored.

      By default, Security Center assigns /usr/local/aegis/bak as the backup path for servers that run Linux operating systems and C:\Program Files (x86)\Alibaba\Aegis\bak for servers that run Windows operating systems. You can modify the default path as needed.

    • Blacklist mode
      Parameter Description
      Protected Directory Enter the path of the directory that you want to protect.
      Excluded Sub-Directories Enter the path of the subdirectory for which you do not need to enable this feature.

      You can click Add Sub-Directory to add multiple subdirectories.

      The files under the excluded subdirectories are not protected by Security Center.

      Excluded File Formats Select the formats of files for which you do not need to enable this feature.

      Valid values: log, txt, and ldb.

      The files of the specified formats are not protected by Security Center.

      Excluded Files Enter the path of the file for which you do not need to enable this feature.

      You can click Add File to add multiple paths.

      The files in the specified paths are not protected by Security Center.

      Local Backup Directory The default path where the backup files of the protected directory are stored.

      By default, Security Center assigns /usr/local/aegis/bak as the backup path for servers that run Linux operating systems and C:\Program Files (x86)\Alibaba\Aegis\bak for servers that run Windows operating systems. You can modify the default path as needed.

  8. Click Enable Protection.
    After you enable this feature for a server, the server is displayed in the server list on the Management tab of the Tamper Protection page.
    Note By default, Protection is turned off for the new server. To use the web tamper proofing feature, you must turn on Protection of the server on the Management tab of the Tamper Protection page.
    Server list
  9. In the server list, turn on Protection to enable this feature for the new server.Protection state
    Note By default, Protection is turned off for the new server. To use the web tamper proofing feature, you must turn on Protection of the server on the Management tab of the Tamper Protection page.
    If this is the first time you enable this feature for a server, the status of the server is Initializing, and a progress bar appears. It requires a few seconds to enable this feature. After this feature is enabled, the status changes to Running.Initializing
    If the status of a server is Exception, move the pointer over Exception in the Status column. A message that indicates the causes appears. Click Retry in the message. For more information, see #abnormal.Exception

What to do next

After you enable this feature for a server, go to the Tamper Protection page to view detected web tampering events and alerts.Handle alerts
Note

Tamper protection does not take effect immediately after you configure the protected directory, and you can still write files to the directory. In this case, you must go to the Management page, disable Protection for the server where the directory is located, and then enable Protection again.

Web tamper proofing states

State Description Suggestion
Initializing The web tamper proofing is being initialized. If this is the first time you enable this feature for a server, the status of the server is Initializing. It requires a few seconds to enable this feature.
Running The web tamper proofing feature is enabled and running as expected. None.
Exception An error occurred when you enable the web tamper proofing feature. Move the pointer over Exception, view the causes, and then click Retry.
Not Initiated The web tamper proofing feature is disabled. To enable this feature for a server, you must turn on Protection.