
How to enable the CC Attack Protection module on IIS

Posted on 7/27/2016 7:02:05 PM
A so-called CC attack is a common Internet attack in which attackers use proxy servers to generate a large number of disguised IP addresses and access a website continuously, exhausting the site's CPU, concurrent connections and other resources so that normal visitors cannot browse it. Like DDoS attacks, CC attacks come from a large number of fake IP addresses and take the form of a large volume of packets sent to the target website, so we cannot accurately determine the IP address of the attack's source. If the attack comes from only a few IP segments, those segments can be blocked directly in IIS: IIS 6.0 and later versions can block individual IPs or an IP segment. However, IIS 6.0/7.0 cannot handle a large number of irregular IP addresses; that only became possible with IIS 8.0.
IIS 8.0 adds three new features to the IP Restriction module:
1. Dynamic IP restrictions can automatically block IP addresses based on the number of concurrent requests or the number of requests over a period of time.
2. Traditional IP address restrictions return a 403.6 error (Forbidden); the new version of IIS can also abort the request directly, or return Unauthorized or Not Found.
3. Proxy mode is supported: in addition to blocking the IP addresses that attack directly, IIS can also block the real clients behind attacks carried out through proxy servers.
By default, IIS 8.0 does not have the "IP and Domain Restrictions" module installed, so we need to install it separately in "Server Manager".
Next, open IIS, click the website you want to configure, and then click the "IP address and domain restrictions" module icon to open the module's main interface.
In the right operation bar, there are 4 items we need to know.
1. Add allowed entries, that is, add the IP addresses that are allowed access. When access for other clients is set to "Deny", only these IP addresses can access the site.
2. Add a deny entry, that is, add the IP addresses that are denied access. When access for other clients is set to "Allow", only these IP addresses cannot access the site.
3. Edit the function settings, where you can set the access rights of other clients (anonymous users), whether to enable proxy mode, and the type of reject operation.
(1) By default, unspecified clients are allowed access. If you only want the website to be accessed by specific people, change this to "Deny" and then add the specific IP addresses under "Add Allowed Entry".
(2) Enable domain name restrictions: in addition to IP addresses, you can also control access for specific domain names. Note that resolving domain names into IP addresses consumes a certain amount of system resources, so do not check this item unless you have a specific need.
(3) Enable proxy mode: in addition to the client's IP address, IIS checks the X-Forwarded-For information in the request header. If the two are inconsistent, the client is generally using a VPN or other proxy tool to access the site and hide its true identity. Like domain name restrictions, this feature also consumes system resources.
(4) There are four types of deny action. The default is Forbidden (returns 403); you can also choose Unauthorized (returns 401), Not Found (returns 404) or Abort (drops the HTTP connection).
4. Edit the dynamic restriction settings
This is the key weapon for protecting against CC attacks. You can limit clients by the number of concurrent requests, by the number of requests over a period of time, or both. When a website is under CC attack, we can check both items, start with the values recommended by IIS, observe the protection effect, and then fine-tune. Note that if you check "Enable logging only mode", requests that would be rejected are only logged and not actually blocked, which is suitable for experimentation and debugging.
Although there is still no perfect solution for protecting against CC attacks, the dynamic IP address restriction function added in IIS 8.0 is practical and very easy to operate. To get the best protection without affecting normal users, we need to experiment repeatedly with the settings above to find a balance between blocking attacks and allowing normal browsing.
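The same settings can be applied from PowerShell instead of the IIS Manager dialogs. The script below is an added example, not part of the original post; the site name, the helper function `Set-DynamicIpSetting` and every threshold are assumed sample values to be tuned per site, not values recommended by IIS.

```powershell
# Added example: scripted form of "Edit the dynamic restriction settings" (IIS 8.0+).
# Run in an elevated session. Site name and thresholds are assumptions.
Import-Module WebAdministration

$site    = 'Default Web Site'      # assumed site name
$appHost = 'MACHINE/WEBROOT/APPHOST'
$section = 'system.webServer/security/dynamicIpSecurity'

# Install the "IP and Domain Restrictions" role service if it is missing.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    Install-WindowsFeature -Name Web-IP-Security | Out-Null
}

# Hypothetical helper: writes one attribute of the section (or of a child
# element) into applicationHost.config under a <location> tag for the site.
function Set-DynamicIpSetting([string]$Child, [string]$Name, $Value) {
    $filter = if ($Child) { "$section/$Child" } else { $section }
    Set-WebConfigurationProperty -PSPath $appHost -Location $site `
        -Filter $filter -Name $Name -Value $Value
}

# Limit by number of concurrent requests per client IP.
Set-DynamicIpSetting 'denyByConcurrentRequests' 'enabled' $true
Set-DynamicIpSetting 'denyByConcurrentRequests' 'maxConcurrentRequests' 10

# Limit by number of requests over a period of time per client IP.
Set-DynamicIpSetting 'denyByRequestRate' 'enabled' $true
Set-DynamicIpSetting 'denyByRequestRate' 'maxRequests' 30
Set-DynamicIpSetting 'denyByRequestRate' 'requestIntervalInMilliseconds' 1000

# Deny action: Forbidden (403), Unauthorized (401), NotFound (404), AbortRequest.
Set-DynamicIpSetting '' 'denyAction' 'AbortRequest'

# Proxy mode makes IIS look at X-Forwarded-For. The header is supplied by the
# sender, so enable it only when a proxy you control sets it.
Set-DynamicIpSetting '' 'enableProxyMode' $false

# Start in logging-only mode: would-be rejections are logged, nothing is blocked.
Set-DynamicIpSetting '' 'enableLoggingOnlyMode' $true

# Read the mode back; after reviewing the logs, set it to $false to enforce.
(Get-WebConfigurationProperty -PSPath $appHost -Location $site `
    -Filter $section -Name enableLoggingOnlyMode).Value
```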




