Object Storage Service (OSS) provides the versioning feature to prevent data from being accidentally deleted or overwritten. If your bucket is attacked or used to share illegal content, OSS moves the bucket to a sandbox to prevent your other buckets from being affected. If your business is prone to distributed denial of service (DDoS) attacks, you can enable the OSS DDoS protection feature for your buckets.

Versioning

OSS provides the versioning feature to prevent your data from being accidentally deleted or overwritten. After versioning is enabled for a bucket, data that is deleted or overwritten in the bucket is stored as a previous version. You can use versioning to recover a previous version of an object that was overwritten or deleted.

Versioning is applied to all objects within a versioned bucket. After you enable versioning for a bucket, versioning applies to all objects in the bucket. OSS generates a unique ID for each version of objects in the bucket. You can upload objects to a versioning-enabled bucket and list, download, delete, and recover the objects. You can also suspend versioning for a bucket to stop OSS from generating new object versions. After versioning is suspended for a bucket, you can still specify a version ID in a request to download, copy, or delete the specified previous version of an object in the bucket. You are charged for each version of objects in your bucket. You can configure lifecycle rules to delete expired versions on a regular basis.

For more information, see Overview.

OSS sandbox

If your bucket is attacked or used by other users to share illegal content, OSS moves the bucket to the sandbox. A bucket in the sandbox can respond to requests. However, the service quality is degraded. The users of your application may be aware of the degradation. In this case, you are charged the fees caused by the attack.

To prevent your bucket from being moved to the sandbox due to attacks, we recommend that you use Anti-DDoS Pro to prevent DDoS attacks and HTTP floods. To prevent your bucket from being moved to the sandbox due to the distribution of illegal content, we recommend that you activate Content Moderation to periodically scan your bucket to monitor the distribution of illegal content.

For more information, see OSS sandbox.

OSS DDoS protection

OSS DDoS protection is a proxy-based mitigation service that integrates OSS with DDoS protection. When a bucket for which OSS DDoS protection is enabled suffers DDoS attacks, OSS DDoS protection diverts malicious traffic to an Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing and then redirects normal traffic to the bucket. This way, your business can power through DDoS attacks and continue to function normally.

OSS DDoS protection can be used to protect your buckets from DDoS attacks that involve up to terabytes of traffic per second and millions of queries per second (QPS), and can switch over between Anti-DDoS Pro and Anti-DDoS Origin within a few seconds. These capabilities can prevent attacks such as SYN flood, ACK flood, Internet Control Message Protocol (ICMP) flood, UDP flood, NTP flood, Simple Service Discovery Protocol (SSDP) flood, DNS flood, and HTTP flood attacks. OSS DDoS protection is suitable for scenarios where your business is prone to attacks, ransom-driven attacks, click farming, and fraudulent traffic.

For more information, see OSS DDoS protection in OSS Developer Guide.