Edge Security Acceleration:DDoS

Basic DDoS protection

If you purchase the Basic, Standard, or Advanced plan, ESA provides basic DDoS protection on points of presence (POPs). Basic DDoS protection does not guarantee the number of attacks that can be blocked, and acceleration performance may be compromised if your website suffers volumetric DDoS attacks.

If your website is vulnerable to DDoS attacks, or you want to ensure the security of your website, contact us to upgrade to the Enterprise plan.

Best-effort protection of up to Tbit/s

If you purchase the Enterprise plan, ESA provides best-effort protection of up to Tbit/s. If volumetric DDoS attacks occur, all traffic is routed to the nearest scrubbing center of Alibaba Cloud Anti-DDoS. Then, only the clean traffic is routed back to ESA for acceleration or data caching. This way, acceleration performance is not affected by DDoS protection.

The Enterprise plan provides DDoS protection of up to Tbit/s and supports TCP/UDP proxy. For more information, see TCP/UDP settings.

HTTP DDoS attack protection

When volumetric flood attacks occur at Layer 7, the attack traffic is transmitted to the origin server and consumes resources. This affects normal user access to your websites. Based on the general mitigation rules that are accumulated on the attack and defense experience of Alibaba Cloud Anti-DDoS services, HTTP DDoS attack protection can reduce abrupt attack traffic that is transparently transmitted to your origin server. The default protection level is Normal. You can change the level to enhance protection or reduce false positives.

Procedure

1. Log on to the ESA console.

2. In the left-side navigation pane, click Websites.

3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

4. In the left-side navigation tree, choose Security > DDoS.

5. On the Mitigation Settings tab, click Configure in the HTTP DDoS Attack Protection section.

   • HTTP DDoS Attack Protection: By default, Level is Normal. You can change the protection level to enhance protection or reduce false positives.

6. Click OK.

Deep learning and protection

If an attack occurs, HTTP DDoS attack protection follows general mitigation rules to block attack requests to the origin. However, these general rules are not enough to continuously handle HTTP flood attacks that feature constantly changing patterns. In this case, deep learning and protection is a better choice. Deep learning and protection can continuously learn attack patterns and generate dynamic mitigation policies. This process may take several minutes. Deep learning and protection offers enhanced defensive performance, but may block some legitimate traffic. You can adjust the mitigation mode and level based on the actual condition.

Procedure

1. Log on to the ESA console.

2. In the left-side navigation pane, click Websites.

3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

4. In the left-side navigation tree, choose Security > DDoS.

5. On the Mitigation Settings tab, click Configure in the Deep Learning and Protection section.

   • Deep Learning and Protection: By default, Level is Normal. We recommend that you change the protection level to Strict when your website suffers volumetric attacks. If false positives occur, you can change the level to Very Loose.

6. Click OK.