CC Defense Guidelines

速盾网络 TeamApril 29, 2026

CC attack protection settings

Step 1: Log in to the console

Log in to the Sudun console: https://protal.sudun.com/view/login
Go to WEB Acceleration > Domain Management > configuration
Click the various types of buttons under CC Protection to turn it on according to your needs

1. Requests per second: The system monitors the site access in real time, and the CC protection policy configured below will be automatically activated if the set threshold is exceeded.

2. Default rule: After enabling this defense, the built-in CC defense module of this site will be launched, which can be compatible with all WEB defense targets with zero false blocking;

3. Verification code defense: Feature intelligent module detection will be enabled, and the malicious source IP needs to be operated by the browser to be recognized by the machine before it can continue to be accessed.

4. Non-inductive defense: Activate the browser fingerprint CC protection combined with the browser's fingerprint statistics to judge and identify the CC attack behavior of abnormal clients;

5. Random number defense: identify CC attacks with a large number of different random numbers, such as falsifying root directories and file names for a large number of IP requests at the same time;

6. Turn off CC defense: the number of requests per second will be set to unlimited, and only the default built-in protection and custom protection rules will be effective.

7. API-specific defense: API defense currently adopts SHA256+ECDSA signature method, please protect the private key from leakage, and sign the complete process;

API-specific defense description

1. Overview of Signature Algorithms

Algorithm Type: ECDSA (secp256k1) Hash

Algorithm: SHA256

Output Format: r(32 bytes) || s(32 bytes) || recid(1 byte) with a total length of 65 bytes

2. Signature process

Build message msg → hash = SHA256(msg)
Signing with a private key, you get (r,s), low-s normalization
Calculate the recid (0 or 1) and output raw_signature = r|| s|| recid

3. Example (JavaScript)

const ec = new EC('secp256k1')

const key = ec.keyFromPrivate(SIGNKEY, 'hex')

const ts = Math.floor(Date.now() / 1000) // Get the current timestamp

const content = md5('hello world'); hello world can be replaced with something else

const message = `${ts}_${content}_${ts}`; The original content of the signature

const hash = CryptoJS.SHA256(message).toString(CryptoJS.enc.Hex)

const signature = key.sign(hash, { canonical: true })

const recid = key.getPublic(true)

const r = signature.r.toArrayLike(Buffer, 'be', 32)

const s = signature.s.toArrayLike(Buffer, 'be', 32)

Final signature result

const rawSigHex = Buffer.concat([r, s, Buffer.from([recid])]).toString('hex')