Anti-DDoS Proxy (Chinese Mainland) and Anti-DDoS Proxy (Outside Chinese Mainland) offer two function plans: Standard and Enhanced. This topic compares the two plans to help you decide which fits your security requirements.
Feature comparison
Service access
| Feature | Description | Standard | Enhanced |
|---|---|---|---|
| CDN or DCDN interaction | Accelerates content delivery while providing DDoS protection. Learn more. | Not supported | Supported |
| Application layer protection | Defends against application layer attacks that do not use HTTP or HTTPS protocols, configured in port forwarding settings. Learn more. | Not supported | Supported |
Protection settings
| Feature | Description | Standard | Enhanced |
|---|---|---|---|
| SecOps Agent (In public preview) | Enables an AI-powered autonomous mode in the Global Protection Policy. Automatically generates and continuously optimizes protection policies based on your service profile. Learn more. | Not supported | Supported |
| Static page caching | Accelerates website access. Learn more. | Not supported | Supported |
| UDP reflection attack protection | Filters out common UDP reflection attacks from UDP traffic with a single click. Learn more. | Not supported | Supported |
| Packet feature filtering | Distinguishes legitimate traffic from attack traffic using packet payload characteristics. Supports matching policies based on application-layer protocols. Learn more. | Not supported | Supported |
| Blacklist and whitelist (for domain names) | Blocks or allows access requests from specified IP addresses, bypassing all other protection policies. Learn more. | Up to 200 IPs or CIDR blocks per list, per account | Up to 2,000 IPs or CIDR blocks per list, per account |
| Near-origin traffic diversion | Blocks traffic from outside the Chinese Mainland on China Telecom and China Unicom lines and drops it near its source. Learn more. | 10 times per account (total) | 10 times per month per account |
| HTTP flood protection policy | Configures rules based on specific HTTP fields to detect and block HTTP flood attacks. Learn more. | Accurate access control: 20 rules<br>Frequency control: 20 rules | Accurate access control: 100 rules<br>Frequency control: 100 rules |
When to choose Enhanced
The Enhanced plan suits scenarios with higher protection demands:
Complex domain management: Your environment has a high volume of IP addresses or CIDR blocks to block or allow. The Enhanced plan supports up to 2,000 entries per list — 10 times the Standard limit.
Strict HTTP flood control: Your business requires fine-grained HTTP-based access control or frequency control. Enhanced raises the rule limit from 20 to 100 per policy type.
Advanced protection features: You need CDN or DCDN interaction, application layer protection for non-HTTP/HTTPS traffic, UDP reflection attack protection, or packet feature filtering.
AI-driven policy management: You want SecOps Agent to automatically generate and refine protection policies based on your service profile.
Pricing
The Enhanced plan costs an additional USD 1,145 per month compared to a Standard plan with the same specifications.USD 1,145 per month
Upgrade and downgrade
Upgrading from Standard to Enhanced is supported. Downgrading from Enhanced to Standard is not supported.
For upgrade instructions, see Upgrade an instance.