If the response time of your website is increased due to HTTP flood attacks, you can use the rate limiting feature of Dynamic Route for CDN (DCDN) to block specific requests that are sent to your website. This feature can be used to block requests within seconds and improve website security. This topic describes how to configure rate limiting.
You can set the following parameters. The parameters take effect for all rules.
Select Yes or No.
When the system attempts to match a request with a rate limiting rule, the system first attempts to match the Uniform Resource Identifier (URI) of the request. After the parameter check feature is enabled, the rate limiting feature compares the specified URIs with all parameters retained with requests. The parameter check feature checks only URIs. Custom match rules that are set for the custom rate limiting mode do not apply to this feature.
|Control Mode||You can select one of the following modes:
Follow the instructions to create a custom rule. The following table describes the parameters.
|Rule Name||The name must be 4 to 30 characters in length, and can contain letters and digits. The names of rules that are set for the same accelerated domain name must be unique.|
|URI||Enter the URI that you want to protect, for example,
|Matching Mode||You can select one of the following match rules. The rate limiting rule applies the match rules in the following order: exact match, prefix match, and fuzzy match. You can adjust the priorities of the match rules in a rate limiting rule. The match rules are listed and executed based on their priorities.
|Interval||Set a time period during which request statistics are collected. This parameter takes effect only if you specify a check object. The time period must be from 10 seconds to 600 seconds.|
|Check and Block Object||You can select one of the following types of objects:
|Matching Rule||You can click Add Rule and set the following parameters: Type, Option, Operator, and Value.|
|Action||Specify an action to be performed after a request matches the specified match rule. Then, specify the period of time that the source IP address remains blocked if the Action parameter is set to Block.
|TTL||Specify how long IP addresses remain blocked. The time period must be at least 60 seconds.|
|Scenario||Check object||Interval||Matching rule||Action||TTL|
|4xx or 5xx errors||IP||10 seconds||
|Anomalies of queries per second (QPS)||Domains||10 seconds||
||Human-machine identification||10 minutes|