API Gateway provides a basic protection of 5 Gbit/s against distributed denial of service (DDoS) attacks. For attacks with heavier traffic, we recommend that you use Alibaba Cloud Anti-DDoS Pro or Anti-DDoS Premium. For more information, see What are Anti-DDoS Pro and Anti-DDoS Premium?.
What is a DDoS attack
In a DDoS attack, the attacker floods a server with Internet traffic to prevent users from accessing connected online services and sites. The attacker does so by creating a large number of fake requests from a malicious program, or a bot, installed on thousands or even more hijacked computers. The requests consume the server performance or network bandwidth, making the server unable to provide services as expected. To mitigate DDoS attacks, you can configure and use Anti-DDoS Pro or Anti-DDoS Premium to protect your APIs. For more information, see What is a DDoS attack.
Prerequisites
An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.
An API is published in API Gateway.
Procedure
Step 1: Bind your domain name to your API group. For more information, see Bind a domain name to an API group. The following figure shows an example.
We recommend that you add a TXT record in this step to facilitate subsequent configurations.
Step 2: Configure a forwarding rule in Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Protect website services. Take note of the following items when you configure the forwarding rule:
Domain: Enter the domain name that is bound to the API group in Step 1.
Protocol: Select the protocol that is used for your API. We recommend that you use HTTPS.
Server IP: Select Origin Server IP and enter the public second-level domain name that is assigned by API Gateway to your API group.
When your dedicated instance is under a DDoS attack, API Gateway notifies you by SMS, internal message, or email.
Requests that are throttled by API Gateway due to DDoS attacks are not included in the service level agreement (SLA) statistics of error rate in API Gateway. You can use Alibaba Cloud Anti-DDoS Pro or Anti-DDoS Premium in combination with API Gateway to protect your business against DDoS attacks.