The global mitigation policy feature contains general mitigation rules that are accumulated based on the attack and defense experience of Anti-DDoS Proxy. After you enable the global mitigation policy feature, the feature can help reduce the risks that are caused by attacks on your websites. This topic describes how to configure the global mitigation policy feature.
Overview
You can separately enable the global mitigation policy feature for the domain name of each protected website. The global mitigation policy feature supports the following modes: Loose, Normal, and Strict.
Mode | Mitigation effect | Scenario |
Loose | Blocks specific known attacks and allows normal requests. | This mode is suitable for large websites that have strong processing capabilities. |
Normal (recommended) | Blocks attacks that are disclosed on the Internet but are not recorded in the historical traffic of your website. This mode has low impacts on your website. | This mode is suitable for scenarios in which the number of requests does not greatly fluctuate and the business attributes and user sources are stable. |
Strict | Strictly blocks attacks. Normal requests may also be blocked. | This mode is suitable for websites that do not have sufficient processing capabilities. |
Usage notes
If you add a website to your instance on or after November 24, 2021, the global mitigation policy is automatically enabled for the domain name of the website and is in Normal mode.
If you add a website to your instance before November 24, 2021, the global mitigation policy is disabled for the domain name of the website. We recommend that you enable the global mitigation policy for the domain name.
Suggestions on mode change
If you require stronger traffic scrubbing capabilities to improve mitigation performance, we recommend that you use the Strict mode.
ImportantTo prevent adverse impacts of mode change on your website, we recommend that you contact Alibaba Cloud technical support before you use the Strict mode.
If you do not have high requirements for traffic scrubbing, we recommend that you use the Loose mode. For example, you can use the Loose mode during large-scale promotional events.
Prerequisites
A website service is added to Anti-DDoS Proxy. For more information, see Add websites.
Procedure
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland), select Outside Chinese Mainland.
In the left-side navigation pane, choose
.Click the Protection for Website Services tab. On the tab that appears, select a domain name from the list in the left side.
In the Anti-DDoS Global Mitigation Policy section, change the status and mode.
Status: You can turn on or off the switch to enable or disable the global mitigation policy. We recommend that you turn on the switch.
Mode: The Loose, Normal, and Strict modes are supported.