Anti-DDoS Proxy

| Module | Feature | Description | References |
| --- | --- | --- | --- |
| Security Overview | Security overview | The Security Overview page displays trends of service and attack traffic, alert events, connection trends, and service traffic distribution by location. | Security Overview |
| Provisioning | Website configuration | Anti-DDoS Proxy protects your website only after you add the website to Anti-DDoS Proxy and complete the forwarding settings. | Add one or more websites |
| | Port configuration | To use Anti-DDoS Proxy to protect your non-website services, such as client-based applications, you must create port forwarding rules. Then, Anti-DDoS Proxy scrubs traffic that is destined for your services and forwards only service traffic to your origin server based on the port forwarding rules. | Configure port forwarding rules |
| | Sec-Traffic Manager | You can use Sec-Traffic Manager to configure interaction rules between Anti-DDoS Proxy and other Alibaba Cloud services. The rules take effect only in specific scenarios. This feature ensures service continuity and provides protection against DDoS attacks. Sec-Traffic Manager provides features such as cloud service interaction, tiered protection, Alibaba Cloud CDN (CDN) interaction, Dynamic Content Delivery Network (DCDN) interaction, network acceleration, and secure acceleration. | Overview of Sec-Traffic Manager |
| Assets | Instance management | You can change the burstable protection bandwidth and configure the burstable clean bandwidth and the burstable queries per second (QPS) of instances. You can also upgrade and renew instances. | Manage instances |
| | Anti-DDoS plans | Anti-DDoS Proxy (Chinese Mainland) provides free Anti-DDoS plans to users who meet specific requirements. The free plans can be used to offset the fees that are generated for burstable protection. | Anti-DDoS plans |
| Investigation | Attack analysis | After you add your service to your Anti-DDoS Proxy instance, you can view the events and details of attacks that are detected on the instance, to obtain information such as the source IP addresses of attacks, distribution of attack types, and distribution of source locations. This helps ensure a transparent protection process and improve user experience of protection analysis. You can also specify custom configurations. | View information on the Attack Analysis page |
| | Log analysis | Anti-DDoS Proxy is integrated with Simple Log Service to collect and analyze full logs of website access. Log analysis is a value-added feature. You must enable this feature before you can use it. After you enable the log analysis feature, Simple Log Service collects the access logs of the website that is protected by Anti-DDoS Proxy in real time. Then, you can query and analyze the logs, and view the log reports. | Log analysis overview |
| | System logs | You can query the bills for the burstable clean bandwidth and burstable QPS of an Anti-DDoS Proxy instance within 90 days. You can also query alerts on exceeded upper limits and destination rate limit events within 90 days. | Query system logs |
| | Operation logs | You can view the logs of important operations on an Anti-DDoS Proxy instance within 180 days. | Query operation logs |
| | CloudMonitor alerts | Anti-DDoS Proxy is integrated with the alert monitoring feature of CloudMonitor. You can configure alert rules and real-time dashboards in the CloudMonitor console. After you configure an alert rule, CloudMonitor reports an alert when the rule is triggered. This way, you can handle exceptions and recover your business at the earliest opportunity. You can also view the monitoring details in real-time dashboards and troubleshoot exceptions. | Use the alert monitoring feature of CloudMonitor |
| | Advanced mitigation logs | If advanced mitigation sessions are provided free of charge for your instance, or if you purchased global advanced mitigation sessions, you can view the usage of the sessions on the Adv. Mitigation Logs page. | Query advanced mitigation logs |
| Mitigation Settings | Protection for infrastructure | You can configure the following features to improve DDoS mitigation capabilities at the instance level: blacklist and whitelist (IP address-based), location blacklist, blackhole filtering deactivation, near-origin traffic diversion, and UDP reflection attack mitigation. | Protection for infrastructure |
| | Protection for website services | You can configure the following features to improve mitigation capabilities for website services: intelligent protection, anti-DDoS global mitigation policy, blacklist/whitelist (domain names), location blacklist (domain names), and HTTP flood protection. | Protection for website services |
| | Protection for non-website services | You can configure the intelligent protection feature and anti-DDoS mitigation policies to improve DDoS mitigation capabilities. The policies include rate limit for source. | Protection for non-website services |
| | Scenario-specific policies | Anti-DDoS Proxy allows you to create custom mitigation policies. A custom mitigation policy allows you to apply a scenario-specific template for high-traffic scenarios, such as new service launches and Double 11. | Create custom mitigation policies for specific scenarios |
| Anti-DDoS Lab | Website acceleration | Anti-DDoS Proxy provides scrubbing centers that are integrated with web caching techniques to protect your website services against DDoS attacks and reduce page load time. | Anti-DDoS Lab |

Anti-DDoS Origin

| Module | Feature | Description | References |
| --- | --- | --- | --- |
| Business Monitoring | Business monitoring | The Business Monitoring page displays the protection data of the Anti-DDoS Origin instance of a paid edition to help you understand the security posture of your service. The protection data includes the traffic trends of protected assets and the DDoS attack events. | Use the service monitoring feature |
| Protected Objects | Asset management | After you purchase an Anti-DDoS Origin instance of a paid edition, you must add your asset that is assigned a public IP address to the instance for protection. In the following sections, an asset that is assigned a public IP address is referred to as an asset. | Add an object for protection |
| | WAF instance management | After you purchase an Anti-DDoS Origin instance of a paid edition, you must add your Web Application Firewall (WAF) instance to the instance for protection against DDoS attacks. | Add an object for protection |
| | GA instance management | After you purchase an Anti-DDoS Origin instance of a paid edition, you must add your Global Accelerator (GA) instance to the instance for protection against DDoS attacks. | Add an object for protection |
| | Assets in data centers | After you purchase an anti-DDoS diversion instance, you can manually enable traffic rerouting to the instance if DDoS attacks are detected on a server in a data center. Then, traffic is rerouted to the traffic scrubbing centers of Alibaba Cloud around the world for traffic scrubbing. After the attacks stop, you can manually disable traffic rerouting to the instance to prevent an increase in service latency. | Enable traffic rerouting to an anti-DDoS diversion instance |
| Mitigation Settings | IP-specific mitigation policy | To protect assets of regular Alibaba Cloud services or elastic IP addresses (EIPs) with Anti-DDoS (Enhanced) enabled, you can configure IP-specific mitigation policies to filter out or allow traffic based on the policies and improve the mitigation effect on volumetric DDoS attacks at the network and transport layers. | Configure IP-specific mitigation policies |
| | Port-specific mitigation policy | To protect EIPs with Anti-DDoS (Enhanced) enabled, you can configure port-specific mitigation policies to allow or discard traffic that has specific characteristics to mitigate TCP flood attacks (application-layer flood attacks on non-website services) that are launched against your non-website service and monitor and filter application-layer traffic in a fine-grained manner. | Configure port-specific mitigation policies |
| | Cross-border traffic blocking policy | You can configure this type of mitigation policy to block cross-border traffic. This type of mitigation policy is suitable for scenarios in which your service does not involve cross-border traffic. In most cases, this type of mitigation policy discards traffic from specific regions based on the location of the attack source by using core routers in the backbone network of an Internet service provider (ISP). | Configure a cross-border traffic blocking policy |
| Attack Analysis | Attack analysis | After you add your asset that is assigned a public IP address to an Anti-DDoS Origin instance, you can query the DDoS attack events that occur on the asset and the event details on the Attack Analysis page. You can view the details of the attack mitigation process in a visualized manner. This helps improve attack analysis experience. | View information on the Attack Analysis page |
| Mitigation Logs | Mitigation logs | You can use the mitigation analysis feature to query and analyze mitigation logs and view mitigation reports of Anti-DDoS Origin instances. | Enable mitigation analysis |
| | Log reports | After you enable the mitigation analysis feature, you can view mitigation reports on the DDoS BGP Mitigation Report and DDoS BGP Events Report tabs. | View mitigation reports |
| Billing Management | Billing management | After you purchase an Anti-DDoS Origin (Pay-as-you-go) instance, you can query the service usage on the Billing Management page. | Query bills on the Billing Management page |
| Instance Management | Instance management | You can view the service monitoring data and operation logs of Anti-DDoS Origin instances. You can also upgrade and renew Anti-DDoS Origin instances. | Manage instances |