The principle of server cc attack and the idea of preventing CC attack

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

The basic principle of CC attack

CC attacks use proxy server * To send a large number of URL requests to the Web site, such as database queries, causing the server to perform a large number of calculations and quickly achieve its own processing capacity to form a DOS. An attacker who sends a request to an agent is actively disconnected since the agent does not connect to the target server because the client side is disconnected. Therefore, the resource consumption of the attack aircraft is relatively small, and from the target server, the request from the agent is legal.

Previous methods to prevent CC attacks

To prevent CC, one of the previous methods was to limit the number of connections per IP, this is difficult to implement in the case of a wide range of addresses, and the second is to restrict the access of the proxy, because the general agent will be in the HTTP header with the X_forwarded_for field, but there are limitations, some agents in the request is not with the field , other clients do need a proxy to connect to the target server, and this restriction denies some normal user access.

CC attacks are hard to defend against.

CC attacks are more frightening than DDoS attacks, where CC attacks are generally hard to prevent.

There are three reasons for personal analysis:

First, because the CC attack IP is true, decentralized;

Second, the CC attack packets are normal packets;

Third, the CC attack requests, all are valid requests, cannot reject the request.

Anti-CC attack ideas

Anti-CC effectiveness is that the attacker does not accept the server response data, send the request after the active disconnect, so to confirm the connection is CC, the server side does not immediately execute the URL request command, but simply return a page to turn the response, the response contains a new URL request address. If it is normal access, the client will be actively connected to the turn page again, transparent to the user, and for CC attackers, because do not receive the response data, so will not reconnect, the server does not need to continue to operate.

Concrete implementation

The key to implementation is how the URL of the shift is constructed, ' the reverse-generation Web ' design approach is to add a "value" that adds a unique value, text form, as part of the URL at the end of the original URL request, and checks to see if the value is valid when the URL that contains the value is returned again. If it is valid, then the URL is legitimately connected again, the value part of the URL is erased, the original URL request is restored to the server for normal access, or the URL request is rejected.

"Value" can be ever-changing settings, very flexible. Users can set up as needed.

The approach adopted is also very flexible. At the same time, the steering can be set to automatic steering or manual steering.

Summary

Firewall anti-CC approach is to block IP, it is possible to seal off the normal access to the user's IP.

CC is an attack of the HTTP protocol, not TCP/IP, and the ' anti-generation web ' is the underlying Web server that understands HTTP.

The ' anti-generation web ' anti-CC attack can be very effective and defensive, and it is 0-plus, without affecting the access of normal users.

' Anti-generation web ' anti-CC attack in the Web management interface easy to click on the mouse set rules, no need to write code.

This article by the Great Tang door-www.ndxs.cn share, reprint please keep the link, thank you.