This topic describes the release notes of Anti-DDoS Pro, Anti-DDoS Premium, and Anti-DDoS Origin features.

Anti-DDoS Pro and Anti-DDoS Premium

Release date Feature Description References
2021-03-26 Website Config Custom combination of cipher suites is supported in Transport Layer Security (TLS) policies.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify which cipher suite to use based on your business requirements.

Create a custom TLS policy
2021-03-26 Website Config Multiple domain names are supported to forward back-to-origin requests.

If you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify more than one domain name that is mapped to your origin servers to forward back-to-origin requests. If you specify more than one IP address or domain name, Anti-DDoS Pro and Anti-DDoS Premium use IP hash load balancing to forward website traffic to the origin servers.

You can specify multiple domain names to forward back-to-origin requests in distributed business scenarios. This way, Anti-DDoS Pro or Anti-DDoS Premium is integrated with your network and the workload on a single origin server is reduced. This improves service stability and disaster recovery.

Add a website
2021-03-26 Website Config Remarks can be specified for a website.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify remarks for the website. If you add multiple websites to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can identify different services based on the remarks, which makes operations and maintenance (O&M) more efficient.

Add a website
2021-03-26 Website Config Custom header fields and field values are supported to label requests.

If you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify a custom header field and the value of the field for the domain name. When the instance processes the requests of this domain name, the instance adds the custom header field to these requests. This allows you to collect statistics on and analyze the back-to-origin data. For example, you can accurately count the actual source ports of the requests.

Mark back-to-origin requests
2021-03-26 Static Page Caching Manual cache refreshing is supported for static page caching.

If you create custom rules for static page caching and the source content of the cached page changes, you can forcibly refresh the page cache in Anti-DDoS Pro or Anti-DDoS Premium to synchronize the latest content in time.

Configure static page caching
2020-12-15 Website Config The configurations of Enforce HTTPS Routing and Enable HTTP are provided.

If you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can enable Enforce HTTPS Routing or Enable HTTP for the website. If you enable Enforce HTTPS Routing, all HTTP requests from clients to the instance are redirected to HTTPS requests, which enhances business security. If you enable Enable HTTP, HTTPS requests to the instance are redirected to HTTP requests and then the HTTP requests are forwarded to the origin servers, which reduces the workload required to process HTTPS requests on the origin servers. All these features allow the instance to verify inbound requests and reduce the workload on downstream links and hosts.

Add a website
2020-11-05 Alert Rules Alert rules can be used to monitor multiple domain name metrics, such as queries per second (QPS) and abnormal status codes. This feature allows you to monitor the websites that are protected by your Anti-DDoS Pro or Anti-DDoS Premium instance and identify exceptions at the earliest opportunity. Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium
2020-10-27 Mitigation Settings > Custom Policies Custom policies are supported. You can customize policies based on the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance and apply these custom policies to the instance. Create custom mitigation policies for specific scenarios
2020-09-24 Attack Analysis Attack Analysis is supported.

Attack Analysis is added to the left-side navigation pane of the Anti-DDoS Pro or Anti-DDoS Premium console. The Attack Analysis page displays the details about attack events to provide a clear view of the process and details of protection against distributed denial of service (DDoS) attacks. The details include an attack trend chart, attack source analysis, and protection flowchart.

Use the attack analysis feature
2020-09-08 Security Overview Traffic information about Secure Mainland China Acceleration (Sec-MCA) is provided on the Security Overview page.

On the Security Overview page, you can query the inbound, outbound, and attack traffic of Sec-MCA. This way, you can understand the traffic, attack mitigation effects, and the deduction of protection quotas for Sec-MCA.

Check the security overview
2020-08-04 Sec-Traffic Manager >

Cloud Service Interaction

The Cloud Service Interaction feature allows you to configure your Anti-DDoS Pro or Anti-DDoS Premium instance to interact with a Global Accelerator instance. This feature delivers the following benefits:
  • If no DDoS attacks occur, the Global Accelerator instance provides accelerated access.
  • If the Global Accelerator instance suffers DDoS attacks, the feature redirects traffic to your Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing. This reduces the impacts that DDoS attacks pose on services.
Create a cloud service interaction rule
2020-07-09 Mitigation Settings Major changes:
  • The Blocking Time option is provided for you to set the duration for IP addresses to be retained in a blacklist when you configure a Blacklist and Whitelist (Instance IP) policy for your Anti-DDoS Pro instance.
  • In the Anti-DDoS Premium console, the Blacklist and Whitelist (Instance IP) settings are provided on the Protection for Infrastructure tab, and the Intelligent protection settings are provided on the Protection for Non-website Services tab.
Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance

Configure intelligent protection

2020-06-22 Sec-MCA The Sec-MCA feature in Anti-DDoS Premium provides protection at both Layer 4 and Layer 7. This feature accelerates network access for your services outside mainland China and protects your assets against DDoS attacks. Configure Anti-DDoS Premium Sec-MCA
2020-05-19 Sec-Traffic Manager >

CDN/DCDN Interaction

Anti-DDoS Pro and Anti-DDoS Premium can interact with Dynamic Route for CDN (DCDN) to scrub malicious traffic and accelerate content delivery:
  • If no attacks are detected, DCDN accelerates traffic of your workloads.
  • If attacks are detected, traffic of your workloads is automatically redirected to Anti-DDoS Pro or Anti-DDoS Premium and then scrubbed.
  • After the attacks stop, traffic of your workloads is automatically redirected to Alibaba Cloud DCDN.
Create a CDN or DCDN interaction rule
2020-04-30 Sec-Traffic Manager >

CDN Interaction

If attacks are detected, a sandbox is enabled for CDN-accelerated domain names that integrate with Anti-DDoS Pro or Anti-DDoS Premium. Traffic is redirected to an anti-DDoS scrubbing center. This ensures service availability. Overview
2020-04-22 Sec-Traffic Manager >

General

You can set the wait time of switching back in general scheduling rules. Before the wait time elapses, you can also manually switch traffic from Anti-DDoS Pro or Anti-DDoS Premium back to cloud resources. Overview
2020-04-01 New API operations New API operations are provided for you to manage and integrate Anti-DDoS Pro and Anti-DDoS Premium instances. List of operations by function
2020-03-03 Anti-DDoS Premium interacting with CloudMonitor Anti-DDoS Premium allows you to view basic O&M data in CloudMonitor. You can customize alert rules for Anti-DDoS Premium in the CloudMonitor console based on your requirements. Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium

Monitor blackhole filtering events and traffic scrubbing events that occur on Anti-DDoS Pro or Anti-DDoS Premium in Cloud Monitor

2020-02-18 Integrated console and region selection The consoles of Anti-DDoS Pro and Anti-DDoS Premium are integrated.
  • In the console, you can select Mainland China for Anti-DDoS Pro or Outside Mainland China for Anti-DDoS Premium.
  • You can access Anti-DDoS Pro and Anti-DDoS Premium in the same console. The Anti-DDoS Premium console is updated to provide a graphical user interface that is similar to that of the Anti-DDoS Pro console.
Differences between the features of Anti-DDoS Pro and Anti-DDoS Premium

Anti-DDoS Origin (Basic and Enterprise)

Release date Feature Description References
2019-12-18 Console A new version of the console is available.
  • In the left-side navigation pane, Anti-DDoS Basic is changed to Anti-DDoS Services.
  • In the left-side navigation pane, the Basic Protection > Instances page is changed to the Assets page. On the Assets page, the content of DDoS Attack Protection Information is updated.
  • In the left-side navigation pane, the Protection Package > Security Report, Protection Package > Protection Packages, Protection Package > Traffic Packages, and Protection Package > Operation Logs pages are changed to the Anti-DDoS Origin > Manage Instances page.
  • In the left-side navigation pane, the following entry points are added:
    • Anti-DDoS Services > Anti-DDoS Pro: directs you to the Anti-DDoS Pro console.
    • Anti-DDoS Services > Anti-DDoS Premium: directs you to the Anti-DDoS Premium console.
    • Industry-specific > Game Shield: directs you to the GameShield console.
    • How to Choose: directs you to a topic named Select an Anti-DDoS service based on the protection scenario.
Assets
2019-12-18 Assets The Basic Protection > Instances page is changed to the Assets page.

The Assets page displays the protection status of activated assets within your Alibaba Cloud account. The page provides a quick overview of security risks for your assets from DDoS attacks. On the page, you can also increase the protection capacity for a specific asset. Supported assets include Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs).

Assets
2019-12-18 Elastic protection The preset protection threshold is changed to the elastic protection threshold. The console no longer shows a score in the Security Credibility field.

In elastic protection mode, Anti-DDoS Origin allows you to assign an extra protection capacity for your assets based on the original basic protection capacity that is provided free of charge. The extra protection capacity assigned for an asset changes based on several factors. The factors include the number of resources that an anti-DDoS cluster consumes, available resources, historical attacks that your assets encounter, and security credits of your account.

Security Credibility