All Products
Search
Document Center

Anti-DDoS:Functions and features

Last Updated:Nov 28, 2024

Anti-DDoS Proxy (Chinese Mainland) instances support IPv4 addresses and IPv6 addresses. Anti-DDoS Proxy (Outside Chinese Mainland) instances support only IPv4 addresses. This topic describes the service adding methods, mitigation settings, and mitigation analysis capabilities that are supported by different types of Anti-DDoS Proxy instances.

Service adding methods

A tick (√) indicates that the service adding method is supported and a cross (×) indicates that the service adding method is not supported.

Note

If you use an instance to forward access requests from clients that use IPv6 addresses, the supported destination varies based on the methods that are used to add your services to Anti-DDoS Proxy. If you add your services by using domains, the access requests are forwarded only to origin servers that use IPv4 addresses. If you add your services by using ports, the access requests can be forwarded to origin servers that use IPv4 addresses or IPv6 addresses.

Item

Anti-DDoS Proxy (Chinese Mainland)

Anti-DDoS Proxy (Outside Chinese Mainland)

IPv4 address

IPv6 address

Use domains

Use ports

Sec-Traffic Manager

  • Cloud service interaction

  • Tiered protection

  • Alibaba Cloud CDN (CDN) or Dynamic Content Delivery Network (DCDN) interaction

  • Cloud service interaction

  • Tiered protection

  • CDN or DCDN interaction

  • Cloud service interaction

  • Tiered protection

  • CDN or DCDN interaction

  • Secure acceleration

  • Network acceleration

Mitigation settings

After you add your service to Anti-DDoS Proxy, you can configure mitigation policies for Anti-DDoS Proxy instances, domain names, or ports. The following table describes the settings.

Item

Sub-item

Anti-DDoS Proxy (Chinese Mainland)

Anti-DDoS Proxy (Outside Chinese Mainland)

IPv4 address

IPv6 address

Protection for infrastructure

Configure the global mitigation policy feature

Configure the blacklist and whitelist (IP address-based) feature

Configure the location blacklist feature

√ (supported only when the Enhanced function plan is used)

×

√ (supported only when the Enhanced function plan is used)

Configure the blackhole filtering deactivation feature

×

×

Configure the near-origin traffic diversion feature

×

×

Configure the UDP reflection attack mitigation feature

√ (supported only when the Enhanced function plan is used)

×

√ (supported only when the Enhanced function plan is used)

Protection for website services

Use the intelligent protection feature

Configure the global mitigation policy feature

Configure the blacklist/whitelist (domain names) feature

Configure the location blacklist (domain names) feature

√ (supported only when the Enhanced function plan is used)

√ (supported only when the Enhanced function plan is used)

√ (supported only when the Enhanced function plan is used)

Configure the HTTP flood mitigation feature

Protection for non-website services

Configure the intelligent protection feature for Layer 4 services

×

Configure the false source feature

Configure the advanced attack mitigation feature

Only TCP ports can be protected.

Configure the packet feature filtering feature

√ (supported only when the Enhanced function plan is used)

×

×

Configure the speed limit for destination feature

Configure the packet length limit feature

Configure the rate limit for source feature

×

Scenario-specific policies

Mitigation analysis capabilities

The following table describes the mitigation analysis capabilities of Anti-DDoS Proxy.

Item

Anti-DDoS Proxy (Chinese Mainland)

Anti-DDoS Proxy (Outside Chinese Mainland)

IPv4 address

IPv6 address

View information on the Attack Analysis page

×

Statistical report (Anti-DDoS Proxy)

×

Log analysis

Query system logs

Query operation logs

Query advanced mitigation logs

Use the alert monitoring feature of CloudMonitor