After you add your service to an Anti-DDoS Proxy instance for protection, a global mitigation policy is automatically bound to the instance. This policy can effectively reduce the risks that are caused when an attack occurs. This topic describes the built-in global mitigation policies and how to configure a policy.
What is a global mitigation policy?
A global mitigation policy is a collection of common mitigation rules that are accumulated from a large number of daily attack and defense events handled by the anti-DDoS engine. The policy can mitigate volumetric attacks with known characteristics. When an attack with known characteristics occurs, the policy immediately takes effect and reduces the risks caused by the attack.
A global mitigation policy takes effect on all service resources that are added to an Anti-DDoS Proxy instance for protection. If multiple websites, application services, and cross-region service nodes are added to the same Anti-DDoS Proxy instance for protection, the global mitigation policy bound to the instance takes effect on all protected objects.
A global mitigation policy takes effect only when the IP address of an Anti-DDoS Proxy instance is under attack.
Policy description
The built-in global mitigation policies are Normal, Loose, and Strict. If you purchase an Anti-DDoS Proxy instance, the Normal global mitigation policy is automatically applied. If the built-in global mitigation policies do not meet your requirements, contact your account manager to create custom global mitigation policies.
Policy | Mitigation method | Description |
Loose |
| The Loose global mitigation policy protects only against packets that have clear attack characteristics. However, traffic of complicated attacks may be transparently transmitted to your origin server. We recommend that you select this policy only if false positives are generated for your service. |
Normal |
| The Normal global mitigation policy balances between service availability and protection effectiveness. This policy is suitable for most services and can mitigate common DDoS attacks. |
Strict |
| The Strict global mitigation policy provides strong protection. In rare cases, false positives may be generated. We recommend that you select this policy only if attack traffic is transparently transmitted to your origin server. |
Prerequisites
A website service or non-website service is added to Anti-DDoS Proxy. For more information, see Add websites or Manage forwarding rules.
Configure a global mitigation policy
Log on to the Anti-DDoS Proxy console.
In the left-side navigation pane, choose
.In the Anti-DDoS Global Mitigation Policy section of the Protection for Infrastructure tab, select a global mitigation policy from the Mitigation Policy drop-down list. You can select Loose, Normal, or Strict.