This topic describes how to use Intelligent Protection provided by Anti-DDoS Pro and Anti-DDoS Premium to protect website services. Intelligent Protection is developed based on the big data technologies of Alibaba Cloud. It automatically learns traffic patterns and uses algorithms to analyze attacks. It then implements accurate access control rules to adjust protection modes and to quickly detect and block attacks, such as malicious bots and HTTP flood attacks.
Prerequisites
- A website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
- Protection settings in Anti-DDoS Pro or Anti-DDoS Premium of the latest version are enabled.
Background information
After you set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect website services, you can enable Intelligent Protection. The intelligent protection engine automatically learns traffic patterns and protects the website against web attacks by using accurate access control rules.
Intelligent Protection mode
- Warning: In this mode, when Anti-DDoS Pro or Anti-DDoS Premium detects malicious requests, it records the attacks but does not block any request. You can use this mode to learn how Intelligent Protection safeguards your website.
You can use this mode and the Log Analysis feature to query warnings recorded by Intelligent Protection and verify its protection capabilities. For more information, see View attack warning logs.
- Defense: In this mode, when Anti-DDoS Pro or Anti-DDoS Premium detects malicious requests, it directly applies accurate access control rules to block malicious requests.
Note: Intelligent Protection uses accurate access control rules to trigger actions. To make sure that Intelligent Protection works as expected, you must enable Accurate Access Control. For more information, see Configure accurate access control rules.
We recommend that you first use the Warning mode together with the Log Analysis feature to analyze the attack logs. Switch to the Defense mode, in which the policy takes effect and blocks requests, only after you confirm that Intelligent Protection works as expected.
Intelligent Protection level
Level | Effect | Scenario |
---|---|---|
Low | Blocks specific attacks and allows normal requests. | Large websites with high processing capabilities, and specific scenarios such as sales promotions |
Normal (recommended) | Does not process requests in most cases. When detecting traffic that poses a threat to the protected website, Anti-DDoS Pro or Anti-DDoS Premium protects the website and minimizes the negative impacts on the website services. | Scenarios where the number of requests does not fluctuate greatly and the servers have spare resources beyond those needed to handle normal network traffic |
Strict | Strictly and intelligently blocks attacks but may block normal requests. | Websites that have weak protection capabilities |
Procedure
View accurate access control rules
View attack warning logs
After you enable Intelligent Protection for website services, the Log Analysis feature records detected attacks that hit Intelligent Protection rules. You can query the attack warning logs associated with the Intelligent Protection rules on the Log Analysis page. This allows you to check the performance levels of Intelligent Protection.
- The Log Analysis feature is enabled for a website. For more information, see Full log.
- The Intelligent Protection policy is enabled for a website and set to the Warning mode.
Queries
Replace test.aliyundemo.com with the actual website domain.
matched_host:"test.aliyundemo.com" and cc_action:alarm
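To review Warning-mode results before switching to the Defense mode, the following added example (not part of the original documentation) applies the same filter as the query above to exported log records and summarizes which clients and URIs triggered warnings. It assumes a JSON-lines export and the field names real_client_ip and request_uri; only matched_host and cc_action come from this page.

```python
import json
from collections import Counter

# Constructed sample export, one JSON record per line. Only matched_host and
# cc_action come from this page; real_client_ip, request_uri and the value
# "none" are assumptions made for this example.
SAMPLE_EXPORT = """\
{"matched_host": "test.aliyundemo.com", "cc_action": "alarm", "real_client_ip": "198.51.100.7", "request_uri": "/login"}
{"matched_host": "test.aliyundemo.com", "cc_action": "alarm", "real_client_ip": "198.51.100.7", "request_uri": "/login"}
{"matched_host": "test.aliyundemo.com", "cc_action": "alarm", "real_client_ip": "203.0.113.20", "request_uri": "/api/health"}
{"matched_host": "other.example.com", "cc_action": "alarm", "real_client_ip": "198.51.100.7", "request_uri": "/login"}
{"matched_host": "test.aliyundemo.com", "cc_action": "none", "real_client_ip": "192.0.2.15", "request_uri": "/"}
{"matched_host": "test.aliyundemo.com", "cc_ac
"""


def load_warnings(text, domain):
    """Return records matching: matched_host:"<domain>" and cc_action:alarm."""
    warnings = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated export line
        if not isinstance(rec, dict):
            continue
        if rec.get("matched_host") == domain and rec.get("cc_action") == "alarm":
            warnings.append(rec)
    return warnings


def summarize(warnings, known_good=()):
    """Count warnings per client and URI, and list clients known to be
    legitimate that the Defense mode would have blocked."""
    good = set(known_good)
    by_client = Counter(w.get("real_client_ip", "unknown") for w in warnings)
    by_uri = Counter(w.get("request_uri", "unknown") for w in warnings)
    return {
        "total": len(warnings),
        "by_client": by_client.most_common(),
        "by_uri": by_uri.most_common(),
        "false_positive_candidates": sorted(ip for ip in by_client if ip in good),
    }


if __name__ == "__main__":
    report = summarize(load_warnings(SAMPLE_EXPORT, "test.aliyundemo.com"),
                       known_good=["203.0.113.20"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any address listed under false_positive_candidates is a reason to stay in the Warning mode or choose a less strict protection level before enabling the Defense mode.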