Web application protection system OpenWAF open-sources its CC protection module

OpenWAF was open sourced in October last year. Over the past six months it has released its major modules one after another and has received a lot of attention from many parties. Recently, the long-awaited CC module was open sourced as well!
What is CC? What can OpenWAF's CC protection do? We explain both in detail below.

【OpenWAF open source CC protection module】What is CC?


For example, a new beef noodle restaurant opens in the east of the city. One day, a local bully gathers a group of followers who swarm into the restaurant and occupy all the seats, chatting without ordering, so that real customers cannot get in. As a result, the restaurant's business is affected and it suffers heavy losses.
If this beef noodle restaurant is regarded as an Internet company, then what this group of local ruffians is doing is a typical distributed denial of service, which is what we call a DDoS attack.
A CC attack is a kind of DDoS (distributed denial of service) attack, and it seems more technical than other DDoS attacks. The attacker uses proxy servers to generate legitimate requests to the victim host, achieving a DDoS, and the technique goes by the name CC (Challenge Collapsar).
In this attack, you cannot see the real source IP and you do not see particularly large abnormal traffic, yet the server can no longer accept connections normally. E-commerce and game operators are common victims of CC attacks.

【OpenWAF open source CC protection module】The principle of CC attack


In a traditional CC attack, the attacker controls a number of hosts that continuously send large numbers of packets to the target server, exhausting its resources until it crashes. CC is mainly used to attack pages. Everyone has had this experience: when a web page is visited by many people at once, it opens slowly. A CC attack simulates multiple users (as many threads as users) that keep accessing pages requiring heavy data operations (that is, a lot of CPU time), which wastes server resources. The CPU stays at 100% for a long time and there are always unfinished connections, until the network is congested and normal access is interrupted.

【OpenWAF open source CC protection module】OpenWAF's protection against CC attacks


Traditional CC protection constantly checks whether the CC cleaning threshold has been reached and looks for the attack source to intercept, which is often inefficient and has a high false positive rate.
OpenWAF's CC protection is divided into two stages: traffic monitoring and traffic cleaning. During the traffic monitoring phase, before the server's performance bottleneck is reached, there is no need to record detailed information for each IP. In other words, the speed limit is imposed only when there is a traffic jam; without a jam, you can drive as fast as you want. This saves resources and effectively improves engine performance. Only when traffic reaches the configured trigger threshold does the engine enter the traffic cleaning phase, where it continuously records and analyzes per-IP and per-path traffic to enforce the "speed limit".
When traffic reaches the cleaning threshold, traditional CC protection only supports blocking requests, which leads to a high probability of mistakenly blocking legitimate users and a poor user experience. OpenWAF provides a richer set of actions: besides blocking, it offers connection reset and human-machine identification (JS code verification or CAPTCHA verification; this function will be open sourced in April). It is like handling a traffic accident: instead of revoking the driver's license outright, responsibility is assessed first, which effectively improves the user experience and reduces false positives.
OpenWAF's traffic monitoring currently supports monitoring request traffic per second and the number of requests per second. The traffic cleaning phase currently supports the number of new connections per second at the IP level, the total number of connections at the IP level, the number of requests per second at the IP level, and the number of requests per second at the path level. Combined with OpenWAF's security policies, these can be configured at the site level, path level, and IP level to build layered protection, so you can easily customize the "traffic speed limit rules" you want.
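The two-stage scheme described above, sketched as an added Python example; it is not OpenWAF's own code or configuration. The class name, parameter names, fixed one-second windows, the rule for leaving the cleaning phase, and the trace are all assumptions, and only the request-rate and byte-rate limits are modeled (not the connection counts).

```python
from collections import Counter

class TwoStageCC:
    def __init__(self, trigger_rps, trigger_bps, ip_rps, path_rps, action="deny"):
        self.trigger_rps, self.trigger_bps = trigger_rps, trigger_bps
        self.ip_rps, self.path_rps = ip_rps, path_rps
        self.action = action              # blocking action label, e.g. "deny" or "reset"
        self.second, self.reqs, self.size = None, 0, 0
        self.cleaning = False
        self.per_ip, self.per_path = Counter(), Counter()

    def _over_trigger(self):
        return self.reqs > self.trigger_rps or self.size > self.trigger_bps

    def _roll(self, sec):
        if sec == self.second:
            return
        # Assumption: cleaning ends after a full second below the trigger (or an idle gap).
        if self.cleaning and (sec - self.second > 1 or not self._over_trigger()):
            self.cleaning = False
        self.second, self.reqs, self.size = sec, 0, 0
        self.per_ip.clear()
        self.per_path.clear()

    def handle(self, now, ip, path, size):
        self._roll(int(now))
        self.reqs += 1
        self.size += size
        if not self.cleaning:
            if not self._over_trigger():
                return "pass"             # monitoring: two site-wide counters, no per-IP state
            self.cleaning = True          # trigger threshold crossed
        self.per_ip[ip] += 1              # cleaning: per-IP and per-path accounting
        self.per_path[path] += 1
        if self.per_ip[ip] > self.ip_rps or self.per_path[path] > self.path_rps:
            return self.action
        return "pass"

# Constructed trace: (second, ip, path, request bytes). 203.0.113.9 floods /search.
TRACE = ([(0, "198.51.100.7", "/", 500)] * 3
         + [(1, "203.0.113.9", "/search", 400)] * 10 + [(1, "198.51.100.7", "/", 500)]
         + [(2, "203.0.113.9", "/search", 400)] * 10 + [(2, "198.51.100.7", "/", 500)]
         + [(3, "198.51.100.7", "/", 500)] * 2 + [(4, "198.51.100.7", "/", 500)])

def replay(trace, **limits):
    cc = TwoStageCC(**limits)
    return Counter((ip, cc.handle(t, ip, path, n)) for t, ip, path, n in trace), cc

if __name__ == "__main__":
    print(replay(TRACE, trigger_rps=5, trigger_bps=10**6, ip_rps=3, path_rps=100)[0])
```

In the replay, the flooding address is limited only after the site-wide trigger is crossed, and the ordinary visitor is never blocked; the per-IP tables are empty again once traffic falls back below the trigger.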
We have always believed that "the more you share, the more secure you are". We hope that more people will try OpenWAF, join the effort to protect web security, and give us their valuable feedback.
This article comes from the Open Source China Community [ http://www.oschina.net ]
