This topic describes the release notes for Anti-DDoS Pro, Anti-DDoS Premium, and Anti-DDoS Origin and provides links to the relevant references.

2021

Release date Applicable service Feature Description References
2021-07-28 Anti-DDoS Pro and Anti-DDoS Premium Investigation The details of web resource exhaustion attacks can be queried on the Attack Analysis tab.

You can get an idea of the scrubbing capabilities of Anti-DDoS Pro or Anti-DDoS Premium, accurately evaluate the impacts of attacks on your services, and promptly adjust protection policies based on the details of the web resource exhaustion attacks.

View information on the Attack Analysis page
2021-07-10 Anti-DDoS Pro and Anti-DDoS Premium Investigation Log collection can be enabled or disabled for multiple domain names on the Log Analysis page at a time. Quick start
2021-07-07 Anti-DDoS Pro and Anti-DDoS Premium Sec-Traffic Manager Switch to DDoS is supported for the interaction rules of Sec-Traffic Manager.

After you create an interaction rule, service traffic is automatically switched to your Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing only when blackhole filtering is triggered. You can also manually switch service traffic to your instance for scrubbing before blackhole filtering is triggered based on the protection requirements of your services. This reduces the adverse impacts caused by blackhole filtering and traffic switchover.

Create a cloud service interaction rule

Create a tiered protection rule

Create a CDN or DCDN interaction rule

Create a network acceleration rule

2021-06-01 Anti-DDoS Pro Assets IPv6 addresses are supported for Anti-DDoS Pro instances.

You can apply for an IPv6 address for an Anti-DDoS Pro instance. This way, IPv4 traffic and IPv6 traffic can be forwarded to the same origin server that uses IPv4 addresses or to the respective origin servers that use IPv4 and IPv6 addresses.

Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance
2021-05-24 Anti-DDoS Pro and Anti-DDoS Premium Investigation In addition to blackhole filtering events and traffic scrubbing events that are detected in Anti-DDoS Pro or Anti-DDoS Premium, the events of flood attacks at Layer 4 and the events of HTTP flood attacks at Layer 7 can also be monitored by CloudMonitor. This feature provides comprehensive information about the security events that are detected in Anti-DDoS Pro or Anti-DDoS Premium.

You can configure alert rules for events that are detected in Anti-DDoS Pro or Anti-DDoS Premium. This way, if an attack event is detected, CloudMonitor can send alert notifications in a timely manner.

Monitor attack events that occur on Anti-DDoS Pro or Anti-DDoS Premium
2021-05-15 Anti-DDoS Pro and Anti-DDoS Premium Provisioning The features that are used to add domain names and ports are supported by Terraform. For more information, see Terraform. You can use Terraform to manage configurations in a centralized manner. This makes O&M more efficient. Terraform documentation
2021-04-30 Anti-DDoS Premium Provisioning The access configurations of multiple domain names can be modified at a time in Anti-DDoS Premium.
Note Anti-DDoS Pro supports this feature before Anti-DDoS Premium does.
Edit a website configuration
2021-04-27 Anti-DDoS Premium Investigation Attack analysis reports can be queried in Anti-DDoS Premium. This way, you can obtain information, such as the attack trend charts, analysis results of attack sources, and geographical distribution of attack sources.
Note Anti-DDoS Pro supports this feature before Anti-DDoS Premium does.
View information on the Attack Analysis page
2021-04-22 Anti-DDoS Pro and Anti-DDoS Premium Mitigation Settings The mitigation settings for UDP reflection attacks can be configured on the Protection for Infrastructure tab.

You can configure filtering policies based on the source ports of UDP traffic. You can enable one-click filtering for the source ports of common UDP reflection attacks. You can also customize filtering policies for the source ports of new types of UDP reflection attacks. This allows you to respond to UDP reflection attacks at the earliest opportunity and ensure the availability of UDP services.

Use the feature of UDP Reflection Attacks Protection
2021-04-15 Anti-DDoS Pro and Anti-DDoS Premium Investigation The entry point to the Cloud monitor alerts page is added to the Investigation module in the left-side navigation pane.

On the Cloud monitor alerts page, you can view the types of alerts supported by Anti-DDoS Pro and Anti-DDoS Premium. You can also click the required button to go to the CloudMonitor console and enable alerting for Anti-DDoS Pro and Anti-DDoS Premium.

Create threshold-triggered alert rules in the CloudMonitor console
2021-03-31 Anti-DDoS Premium Sec-Traffic Manager Network acceleration policies are optimized for Anti-DDoS Premium.

The waiting time that is required for automatic switchback during network acceleration is reduced from 30 minutes to 10 minutes.

Create a network acceleration rule
2021-03-26 Anti-DDoS Pro and Anti-DDoS Premium Website Config Custom combinations of cipher suites are supported in Transport Layer Security (TLS) policies.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify the cipher suite based on your business requirements.

Customize a TLS policy
2021-03-26 Anti-DDoS Pro and Anti-DDoS Premium Website Config Multiple domain names are supported to forward back-to-origin requests.

When you add a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify more than one domain name that is mapped to your origin servers to forward back-to-origin requests. If you specify more than one IP address or domain name, Anti-DDoS Pro and Anti-DDoS Premium use IP hash load balancing to forward website traffic to the origin servers.

You can specify multiple domain names to forward back-to-origin requests in distributed business scenarios. This way, you can use Anti-DDoS Pro or Anti-DDoS Premium together with your network, and the workload on a single origin server is reduced. This improves service stability and disaster recovery.

Add a website
2021-03-26 Anti-DDoS Pro and Anti-DDoS Premium Website Config Remarks can be specified for a website.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify remarks for the website. If you add multiple websites to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can identify services based on the remarks. This makes O&M more efficient.

Add a website
2021-03-26 Anti-DDoS Pro and Anti-DDoS Premium Website Config Custom header fields and field values are supported to label requests.

When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify a custom header field and the value of the field for the domain name. When the instance processes the requests of this domain name, the instance adds the custom header field to these requests. This allows you to collect statistics on and analyze the back-to-origin data. For example, you can accurately count the actual source ports of the requests.

Mark back-to-origin requests
2021-03-26 Anti-DDoS Pro and Anti-DDoS Premium Static Page Caching Manual cache refreshing is supported for static page caching.

If you create custom rules for static page caching and the source content of the cached page changes, you can forcibly refresh the page cache in Anti-DDoS Pro or Anti-DDoS Premium to synchronize the latest content in time.

Configure static page caching

2020

Release date Applicable service Feature Description References
2020-12-15 Anti-DDoS Pro and Anti-DDoS Premium Website Config The configurations of Enable HTTPS Routing and Enable HTTP are provided.

When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can configure the Enable HTTPS Routing or Enable HTTP setting for the website. If you turn on Enable HTTPS Routing, all HTTP requests from clients to the instance are redirected to HTTPS requests, which enhances service security. If you turn on Enable HTTP, HTTPS requests to the instance are redirected to HTTP requests and then the HTTP requests are forwarded to the origin servers. This reduces the workload required to process HTTPS requests on the origin servers. These features allow the instance to authenticate inbound requests and help reduce the workload on downstream links and hosts.

Add a website
2020-11-05 Anti-DDoS Pro and Anti-DDoS Premium Alert Rules Multiple domain name metrics, such as queries per second (QPS) and abnormal status codes, are supported by alert rules. You can use these metrics to monitor the websites that are protected by your Anti-DDoS Pro or Anti-DDoS Premium instance and identify exceptions at the earliest opportunity. Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium
2020-10-27 Anti-DDoS Pro and Anti-DDoS Premium Mitigation Settings > Custom Policies Custom policies are supported. You can customize policies based on the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance and apply these custom policies to the instance. Create custom mitigation policies for specific scenarios
2020-09-24 Anti-DDoS Pro Attack Analysis Attack Analysis is supported only for Anti-DDoS Pro.

The entry point to the Attack Analysis page is added to the left-side navigation pane of the Anti-DDoS Pro console. The Attack Analysis page displays the details about attack events to provide a clear view of the process and details of protection against DDoS attacks. The details include an attack trend chart, attack source analysis, and protection flowchart.

View information on the Attack Analysis page
2020-09-08 Anti-DDoS Premium Security Overview Traffic information about Secure Mainland China Acceleration (Sec-MCA) is provided on the Security Overview page.

On the Security Overview page, you can query the inbound, outbound, and attack traffic of Sec-MCA. This way, you can understand the traffic, attack mitigation effects, and the deduction of protection quotas for Sec-MCA.

Check the security overview
2020-07-09 Anti-DDoS Pro and Anti-DDoS Premium Mitigation Settings Major changes:
  • The Blocking Time option is provided for you to set the duration for IP addresses to be retained in a blacklist when you configure a Blacklist and Whitelist (Instance IP) policy for your Anti-DDoS Pro instance.
  • In the Anti-DDoS Premium console, the Blacklist and Whitelist (Instance IP) settings are provided on the Protection for Infrastructure tab, and the Intelligent protection settings are provided on the Protection for Non-website Services tab.
Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance

Configure intelligent protection

2020-06-22 Anti-DDoS Premium Sec-Traffic Manager >

Sec-MCA

The Sec-MCA feature in Anti-DDoS Premium provides protection at both Layer 4 and Layer 7. This feature accelerates network access for your services outside mainland China and protects your assets against DDoS attacks. Configure Anti-DDoS Premium Sec-MCA
2020-05-19 Anti-DDoS Pro and Anti-DDoS Premium Sec-Traffic Manager >

CDN/DCDN Interaction

Anti-DDoS Pro and Anti-DDoS Premium can work with Dynamic Route for CDN (DCDN) to scrub malicious traffic and accelerate content delivery:
  • If no attacks are detected, DCDN accelerates traffic of your workloads.
  • If attacks are detected, traffic of your workloads is automatically redirected to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. This ensures service availability.
  • After the attacks stop, traffic of your workloads is automatically redirected to DCDN.
Create a CDN or DCDN interaction rule
2020-04-30 Anti-DDoS Pro and Anti-DDoS Premium Sec-Traffic Manager >

CDN Interaction

If attacks are detected, CDN-accelerated domain names that integrate with Anti-DDoS Pro or Anti-DDoS Premium are added to a sandbox. The traffic of the domain names is redirected to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. This ensures service availability. Overview
2020-04-22 Anti-DDoS Pro and Anti-DDoS Premium Sec-Traffic Manager >

General

You can set the waiting time that is required for traffic switchback in general scheduling rules. Before the waiting time elapses, you can also manually switch traffic from Anti-DDoS Pro or Anti-DDoS Premium back to cloud resources. Overview
2020-04-01 Anti-DDoS Pro and Anti-DDoS Premium New API operations New API operations are provided for you to manage and integrate Anti-DDoS Pro and Anti-DDoS Premium instances. List of operations by function
2020-03-03 Anti-DDoS Premium Anti-DDoS Premium interacting with CloudMonitor Anti-DDoS Premium allows you to view basic O&M data in CloudMonitor. You can customize alert rules for Anti-DDoS Premium in the CloudMonitor console based on your business requirements. Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium

Monitor attack events that occur on Anti-DDoS Pro or Anti-DDoS Premium

2020-02-18 Anti-DDoS Pro and Anti-DDoS Premium Integrated console and region selection The consoles of Anti-DDoS Pro and Anti-DDoS Premium are integrated.
  • In the console, you can select Mainland China for Anti-DDoS Pro or Outside Mainland China for Anti-DDoS Premium.
  • You can access Anti-DDoS Pro and Anti-DDoS Premium in the same console. The Anti-DDoS Premium console is updated to provide a graphical user interface that is similar to that of the Anti-DDoS Pro console.
Differences between the features of Anti-DDoS Pro and Anti-DDoS Premium

2019

Release date Applicable service Feature Description References
2019-12-18 Anti-DDoS Origin Console A new version of the console is available.
  • In the left-side navigation pane, Anti-DDoS Basic is changed to Anti-DDoS Services.
  • In the left-side navigation pane, the Basic Protection > Instances page is changed to the Assets page. On the Assets page, the content of DDoS Attack Protection Information is updated.
  • In the left-side navigation pane, the Protection Package > Security Report, Protection Package > Protection Packages, Protection Package > Traffic Packages, and Protection Package > Operation Logs pages are changed to the Anti-DDoS Origin > Manage Instances page.
  • In the left-side navigation pane, the following entry points are added:
    • Anti-DDoS Services > Anti-DDoS Pro: directs you to the Anti-DDoS Pro console.
    • Anti-DDoS Services > Anti-DDoS Premium: directs you to the Anti-DDoS Premium console.
    • Industry-specific > Game Shield: directs you to the GameShield console.
    • How to Choose: directs you to a topic named Select an Anti-DDoS service based on the protection scenario.
Assets
2019-12-18 Anti-DDoS Origin Assets The Basic Protection > Instances page is changed to the Assets page.

The Assets page displays the protection status of activated assets within your Alibaba Cloud account. The page provides a quick overview of security risks for your assets from DDoS attacks. On the page, you can also increase the protection capacity for a specific asset. Supported assets include Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs).

Assets
2019-12-18 Anti-DDoS Origin Elastic protection The preset protection threshold is changed to the elastic protection threshold. The console no longer shows a score in the Security Credibility field.

In elastic protection mode, Anti-DDoS Origin allows you to assign an extra protection capacity for your assets based on the original basic protection capacity that is provided free of charge. The extra protection capacity assigned for an asset changes based on several factors. The factors include the number of resources that an anti-DDoS cluster consumes, available resources, historical attacks that your assets encounter, and security credits of your account.

Security Credibility