- Release Notes and Announcements
- Product Introduction
- Comparison of Anti-DDoS Solutions
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- Remote Protection Scheme with Anti-DDoS Pro
- Using Anti-DDoS Pro Together with WFA
- Suggestions on Stress Tests
- Solutions to Real Server IP Exposure
- Creating an Anti-DDoS EIP
- Configuration Directions and Notes on CC Protection Policies
- Syncing Forwarding Rules to New Anti-DDoS Advanced Instances
- Smart Scheduling of CTCC/CUCC/CMCC Traffic
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Anti-DDoS Advanced Instance APIs
- Resource List APIs
- Protection Configuration APIs
- CreateBlackWhiteIpList
- CreateCcBlackWhiteIpList
- CreateCcGeoIPBlockConfig
- CreateDDoSAI
- CreateDDoSGeoIPBlockConfig
- CreateDDoSSpeedLimitConfig
- CreatePacketFilterConfig
- CreateProtocolBlockConfig
- CreateWaterPrintConfig
- CreateWaterPrintKey
- DeleteCcBlackWhiteIpList
- DeleteCcGeoIPBlockConfig
- DeleteDDoSGeoIPBlockConfig
- DeleteDDoSSpeedLimitConfig
- DeletePacketFilterConfig
- DeleteWaterPrintConfig
- DeleteWaterPrintKey
- DescribeCcBlackWhiteIpList
- DescribeCcGeoIPBlockConfigList
- DescribeListBlackWhiteIpList
- DescribeListDDoSAI
- DescribeListDDoSGeoIPBlockConfig
- DescribeListDDoSSpeedLimitConfig
- DescribeListPacketFilterConfig
- DescribeListProtocolBlockConfig
- DescribeListWaterPrintConfig
- ModifyCcBlackWhiteIpList
- ModifyDDoSGeoIPBlockConfig
- ModifyDDoSSpeedLimitConfig
- ModifyPacketFilterConfig
- SwitchWaterPrintConfig
- Other APIs
- Alarm Notification APIs
- Connection Configuration APIs
- Intelligent Scheduling APIs
- Black hole unblocking APIs
- Statistical Report APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Product Policy
- Glossary
- Release Notes and Announcements
- Product Introduction
- Comparison of Anti-DDoS Solutions
- Purchase Guide
- Getting Started
- Operation Guide
- Practical Tutorial
- Remote Protection Scheme with Anti-DDoS Pro
- Using Anti-DDoS Pro Together with WFA
- Suggestions on Stress Tests
- Solutions to Real Server IP Exposure
- Creating an Anti-DDoS EIP
- Configuration Directions and Notes on CC Protection Policies
- Syncing Forwarding Rules to New Anti-DDoS Advanced Instances
- Smart Scheduling of CTCC/CUCC/CMCC Traffic
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Anti-DDoS Advanced Instance APIs
- Resource List APIs
- Protection Configuration APIs
- CreateBlackWhiteIpList
- CreateCcBlackWhiteIpList
- CreateCcGeoIPBlockConfig
- CreateDDoSAI
- CreateDDoSGeoIPBlockConfig
- CreateDDoSSpeedLimitConfig
- CreatePacketFilterConfig
- CreateProtocolBlockConfig
- CreateWaterPrintConfig
- CreateWaterPrintKey
- DeleteCcBlackWhiteIpList
- DeleteCcGeoIPBlockConfig
- DeleteDDoSGeoIPBlockConfig
- DeleteDDoSSpeedLimitConfig
- DeletePacketFilterConfig
- DeleteWaterPrintConfig
- DeleteWaterPrintKey
- DescribeCcBlackWhiteIpList
- DescribeCcGeoIPBlockConfigList
- DescribeListBlackWhiteIpList
- DescribeListDDoSAI
- DescribeListDDoSGeoIPBlockConfig
- DescribeListDDoSSpeedLimitConfig
- DescribeListPacketFilterConfig
- DescribeListProtocolBlockConfig
- DescribeListWaterPrintConfig
- ModifyCcBlackWhiteIpList
- ModifyDDoSGeoIPBlockConfig
- ModifyDDoSSpeedLimitConfig
- ModifyPacketFilterConfig
- SwitchWaterPrintConfig
- Other APIs
- Alarm Notification APIs
- Connection Configuration APIs
- Intelligent Scheduling APIs
- Black hole unblocking APIs
- Statistical Report APIs
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- Product Policy
- Glossary
Use cases
Anti-DDoS provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:
Protection level | Protection action | Description |
Loose | Filters SYN and ACK data packets with explicit attack attributes. Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification. Filters UDP data packets with explicit attack attributes. | This protection level uses a loose cleansing policy and defends against only explicit attack packets. We recommend that you choose this protection level when normal requests are blocked. Complex attack packets may bypass the security system. |
Medium | Filters SYN and ACK data packets with explicit attack attributes. Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification. Filters UDP data packets with explicit attack attributes. Filters common UDP-based attack packages. Actively verifies the source IP addresses of some access attempts. | This protection level uses a cleansing policy that is suitable for most businesses and capable of defending against common attacks. This is the default protection level. |
Strict | Filters SYN and ACK data packets with explicit attack attributes. Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification. Strictly checks and filters UDP data packets with explicit attack attributes and UDP-based attack packets. Actively verifies the source IP addresses of some access attempts. Filters ICMP attack packages. | The cleansing policy is strict. We recommend you use this level when attack packets bypass the security system in the Normal mode. |
Directions
1. Log in to the new Anti-DDoS console and click DDoS Protection on the left sidebar.
2. Select an Anti-DDoS instance ID in the list on the left, such as "bgp-00xxxxxx".
3. In the DDoS protection level section, choose a protection level.
Yes
No
Was this page helpful?