Website protection

Website protection is suitable for HTTP and HTTPS services over ports 80, 8080, 443, and 8443. For more information, see Specify non-standard ports for protection. It mitigates various DDoS attacks at Layer 3 to Layer 7, such as SYN flood, ACK flood, UDP flood, ICMP flood and HTTP flood attacks.

Non-website protection

Non-website protection is suitable for TCP and UDP services at Layer 4 and supports ports other than ports 80, 8080, 443, and 8443, as well as UDP port 53. It mitigates various DDoS attacks at Layer 3 and Layer 4, such as SYN flood, ACK flood, UDP flood, and ICMP flood attacks. However, it cannot mitigate Layer 7 attacks, such as HTTP flood attacks. If you want to protect DNS services, use Alibaba Cloud DNS. Non-website protection supports throttling on new and concurrent TCP connections from specified IP addresses and over specified ports.

Differences

Non-website protection is applicable to attacks at Layer 4. It cannot resolve Layer 7 packets and cannot mitigate Layer 7 attacks
Note you can configure Layer 4 forwarding rules in Anti-DDoS Pro or Anti-DDoS Premium. This applies to special website services (such as WebSocket services) and website services whose ports are not supported by website protection (such as services over ports 81, 82, and 445).