Security Center Enterprise edition and Pro edition provide the Web tamper protection feature to protect your websites.

Prerequisites

Before you use Web tamper protection, make sure that your account has sufficient licenses. On the Tamper Protection page in the Security Center console, you can view the total licenses, used licenses, and license expiration date in the upper-right corner. The expiration date of the Web tamper protection licenses is the same as that of Security Center.Web tamper protection licenses
Note
  • One license can be used to protect one server. If you disable Web tamper protection for one server, the license is released.
  • Make sure that you use the licenses before the expiration date. After the expiration date, your licenses become invalid, and the invalid licenses cannot be refunded.
  • You can purchase Web tamper protection licenses if needed. For more information, see Purchase licenses.

Background information

To use this feature, purchase Web tamper protection licenses. Then add servers and directories for protection.

Note After you add a server on the Tamper Protection page, by default, the protection is disabled for this server. To enable protection, you must turn on the toggle in the Protection column for the specific server. For more information, see step 8 in Procedure.

Limits

  • You can add a maximum of 10 directories of a server for protection.
  • The protected directories of a Windows server must meet the following requirements: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 20,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
  • The protected directories of a Linux server must meet the following requirements: The maximum size of each directory is 20 GB. Each directory can contain a maximum of 3,000 folders. The maximum directory level is 20. The maximum size of each file is 3 MB.
  • Before you add a directory for protection, make sure that the directory level, the number of folders, and the directory size meet the preceding requirements.
  • We recommend that you exclude file formats that do not require protection, such as LOG, PNG, JPG, MP4, AVI, and MP3 files. Separate multiple file formats with semicolons (;).
  • You cannot add servers for protection if no license is available. If a server does not require protection, turn off the toggle in the Protection column for this server. After this operation, the license used by this server is released, and you can add another server for protection.

Procedure

  1. Log on to the Security Center console.
  2. In the left pane, choose Defense > Tamper Protection.
    Note Only Enterprise edition and Pro edition provide this feature.
  3. On the Tamper Protection page, click Add Server to add the servers to be protected.
  4. In the Add Servers for Protection dialog box, select servers that you want to protect.
    Note You cannot add servers for protection if no license is available. If a server does not require protection, turn off the toggle in the Protection column for this server. After this operation, the license used by this server is released, and you can add another server for protection.
  5. Click Next, and the Add Servers for ProtectionAdd Directory tab appears.
  6. On the Add Directory tab, configure the following parameters:
    Select the protection mode. Whitelist mode and blacklist mode are available. In whitelist mode, specify the directories and file formats to be protected. In blacklist mode, specify the sub-directories, file formats, and files that do not require protection. All the other files in the specified directory are protected. By default, the whitelist mode is used.
    • In whitelist mode, configure the following parameters:
      Parameter Description
      Protected directory Enter a directory to be protected.
      Note The format of a directory varies with the server OS. Enter a directory in the right format.
      Protected file formats In the drop-down list, select the file formats to be protected, for example, JS, HTML, XML, and JPG.
      Local backup directory The default path that is used to back up the protected directory is displayed. Security Center assigns the following default backup directories: /usr/local/aegis/bak for Linux servers and C:\Program Files (x86)\Alibaba\Aegis\bak for Windows servers. You can modify this directory.
    • In blacklist mode, configure the following parameters:
      Parameter Description
      Protected directory Enter a directory to be protected.
      Excluded sub-directories Enter the sub-directories that do not require Web tamper protection. Click Add Sub-Directory to enter more sub-directories. Security Center does not protect the files in the excluded sub-directories.
      Excluded file formats Enter the file formats that do not require Web tamper protection. Separate multiple file formats with semicolons (;). Security Center does not protect the files of the excluded file formats.
      Excluded files Enter the path of a file that does not require Web tamper protection. Click Add File to add more files. Security Center does not protect the excluded files.
      Local backup directory The default path that is used to back up the protected directory is displayed. Security Center assigns the following default backup directories: /usr/local/aegis/bak for Linux servers and C:\Program Files (x86)\Alibaba\Aegis\bak for Windows servers. You can modify this directory.
  7. Click Enable Protection.
    After you add a server, it is displayed on the server list on the Tamper Protection page.
    Note Web tamper protection is disabled by default for a newly added server. To enable protection, you must turn on the toggle in the Protection column for this server on the Tamper Protection page.
  8. On the server list on the Tamper Protection page, turn on the toggle in the Protection column for this server.
    Note Web tamper protection is disabled by default for a newly added server. To enable protection, you must turn on the toggle in the Protection column for this server on the Tamper Protection page.
    After you enable protection for a server for the first time, the service status changes to Initializing, and a progress bar appears. After several seconds, the service status changes to Running.
    Note If the service status of a server is Exception, click Exception. View the details of the exception, and click Retry. For more information, see Handle protection service exceptions.

Subsequent operations

After you enable Web tamper protection, you can go to the Alerts page, and select Tamper Protection in the event type drop-down list to view the alerts on Web tampering events.

Handle protection service exceptions

Service status Description Resolution
Initializing Web tamper protection is being initialized. After you enable protection for a server for the first time, the service status changes to Initializing. It takes several seconds to start the service.
Running The protection is enabled. -
Exception An error occurred while starting the service. Click Exception in the Status column. View the details of the exception, and click Retry. For more information, see Handle protection service exceptions.
Not initialized The protection service is disabled. Set the toggle in the Protection column to On.