We are excited to announce two new Security features:
- DDoS attacks statistics in your personal account
- On/Off test cookies for specific URLs in bot protection
Here, we introduce what these features offer you and how to use them.
DDoS attack statistics allow you to monitor what’s happening with your protected resources in real time – even during the attacks.
DDoS attack statistics show resources’ load with a breakdown by:
- Time period: View general daily statistics or track/analyze attack magnitude in the real time
- Traffic volume: Check the load in either bps (bits per second) or pps (packets per second)
- Resource: See overall statistics for all your assets, or view by individual asset
To see attack statistics, navigate to IaaS service, click Reports > Traffic in your Gcore dashboard. You can filter by specific data centers, time intervals, and attack units (bps or pps) using the dropdown menus at the top of the page.
For example, in these two screenshots you can see attack statistics filtered by bps; above, we showed it in pps:
What Is a Test Cookie? How Does It Help?
The test cookie function is an important tool for identifying and preventing automated access to websites, such as bot attacks. Test cookies check whether the HTTP client sending the request can handle cookies. This serves to gauge the authenticity of the client. If the client can’t handle cookies, the client request was probably generated by a bot, often malicious in nature. So failure to handle test cookies means our system will block the client request, preventing bad bot activity.
Test cookies are effective in identifying and preventing automated bot attacks on sensitive or targeted URLs, enhancing security and performance. However, they may produce false positives with non-standard clients, prove unnecessary for publicly accessible content, and be bypassed by advanced bots, making it less effective in certain contexts.
Here’s how to enable the feature:
- Go to Web Security and open the settings of the desired resource.
- Open the Bot tab.
- To take advantage of test cookies, your bot protection status must be set to High. Ensure that the High mode is selected in Bot protection:
When Bot Protection is set to High, test cookies are automatically available. If you set Bot Protection to Low, the testcookie function will be unavailable. You can turn testcookie on/off for specific URIs, shown at the bottom of the previous image.
- Save changes.
If you’re not yet using Gcore Security, we invite you to check out our DDoS Protection and Web Application Security products. If you have any questions or need assistance—whether with these new Security features or any other Gcore service—we’d love to hear from you at email@example.com.