After all the hard work of developing a web application or Mobile App, it may be rather daunting thinking about how you can protect your work against external threats like DDoS attacks. DDoS attacks could easily destroy your hard work, making your application completely unresponsive, or even causing your website to be blackholed by your internet service provider. And, adding to worry, not all Anti-DDoS services are built the same, some of them offer much less protection than others, and other ones can start to bog down your services, so choosing the right anti-DDoS service is crucial nowadays.
In this tutorial, I'm going to show you how you can get started using Alibaba Cloud's Anti-DDoS Premium service, the ultimate anti-DDoS service, to protect your critical assets against DDoS attacks and CC attacks. I'll also show you how you can use the all-new Mainland China Acceleration (MCA) feature to accelerate access to your web application in Mainland China if your application is hosted outside of Mainland China, such as in Singapore or Hong Kong.
In this tutorial, I will be using this service in combination with other Alibaba Cloud products, including Alibaba Cloud Domain Name Service (DNS) and Object Storage Service (OSS).
Below is a step-by-step explanation about how you can configure the whole setup in just 30 minutes.
For this tutorial, I have setup an example, hosted on Alibaba Cloud OSS in Hong Kong. You can access it here.
Imagine this is your original source website, and now you want to protect it from possible attacks. To do this, you'll want to navigate yourself to the Anti-DDoS Premium console where you'll need to purchase the Anti-DDoS Premium service together with a Mainland China Acceleration (MAC) instance.
As the first step, locate the Anti-DDoS Premium service in the Products pane of the console.
Go through the procedure to purchase the Anti-DDoS instance. In this tutorial, I will be using the Insurance plan with Enhanced Function.
Now the Anti-DDoS Premium instance is ready, and we also want to add Mainland China Acceleration (MAC) so that we can offer better services in China.
Click Purchase Instances again, we are going to purchase the MCA instance now.
Select MCA, your desired bandwidth, and then click Purchase. In this tutorial, I used 10 Mb, most of the customers choose this option.
And now the two instances are ready, resulting in one Anti-DDoS with a dedicated IP address and one MCA IP address.
Next, we start configuring the Anti-DDoS Premium with MCA services. To do this, click Provisioning and enter the required information.
Select your purchased Function Plan, and check both instances;
demo.alibabacloudhk.com (This will be the domain that end users will access.)HTTP (It can also support web socket and HTTPS.)websitetemplate.oss-cn-hongkong.aliyuncs.com
After you have entered this information, click Add website.
Now, our setup is already half way done. Click Return to Website List.
You will be able to see that the Website domain is configured with both Anti-DDoS and MCA instance IP addresses.
Next, we will configure the MCA CNAME so that the MCA IP address will be used in China and the Anti-DDoS IP address will serve as a failover in case the MCA IP address is under attack.
Switch to the Sec-Traffic Manager, then click Create Rule.
Next, select Network Acceleration, specify the name. Here I used MCADemo. Last, choose the instances you purchased.
The Security Traffic Manager will generate a CNAME record (58nz89begh5mzq5d.scommander.com in my case) that will do the traffic fail-over if needed in the future.
Now that the CNAME is generated (8h2u1iq6eq8h9176.aliyunddos0025.com). This CNAME is used for China DNS resolution.
We can try to ping the CNAME in any host. Below I pinged from an Alibaba Cloud Elastic Compute Service (ECS) instance located in Shenzhen. The ping took just around 12 milliseconds.
Now in this leg of the tutorial, we will configure Alibaba Cloud Domain Name System (DNS), so your application will be able to resolve demo.alibabacloudhk.com to MCA and Anti-DDoS Premium.
To do this, go to the Alibaba Cloud DNS service, click Domains, and then click on your Domain Name.
Click Add Record, and then set the demo.alibabacloudhk.com as your CNAME, which for me is 8h2u1iq6eq8h9176.aliyunddos0025.com.
You can find any machine located in China to ping the hostname. In doing so, you will find that the hostname will first resolved to the CNAME, and then connect to the MCA quite quickly. About 12 milliseconds from Shenzhen to Hong Kong for our case, for instance.
The website is now accelerated with MCA and protected by Anti-DDoS Premium. The procedures that we just configured works through the following architecture:
Now the website is protected by Anti-DDoS Premium, and accelerated to Mainland China users as well.
Accelerate Your Application using Global Accelerator with Source IP Address Persistence
3 posts | 9 followers
FollowAlibaba Clouder - January 18, 2019
Alibaba Clouder - June 12, 2019
Thomas KW Poon - February 23, 2021
Alibaba Clouder - April 8, 2021
Alibaba Clouder - June 26, 2019
Alibaba Cloud Community - December 23, 2021
3 posts | 9 followers
Follow
Content Delivery Solution
Save egress traffic cost. Eliminate all complexity in managing storage cost.
Learn More
Anti-DDoS
A comprehensive DDoS protection for enterprise to intelligently defend sophisticated DDoS attacks, reduce business loss risks, and mitigate potential security threats.
Learn More
Anti DDoS Basic
A cloud-based security service that protects your data and application from DDoS attacks
Learn More
Edge Security Acceleration (Original DCDN)
Edge Security Acceleration (ESA) provides capabilities for edge acceleration, edge security, and edge computing. ESA adopts an easy-to-use interactive design and accelerates and protects websites, applications, and APIs to improve the performance and experience of access to web applications.
Learn More
Thomas KW Poon March 14, 2020 at 1:50 pm
Any comments and suggestions will be appreciated!