Secure Dynamic Route for CDN (Secure DCDN) provides protection for DCDN nodes. Secure DCDN can accelerate content delivery and ensure edge security for the following industries: e-commerce, finance, public sector, and media.
Typical cases: e-commerce platforms, airline companies, and online travel agency (OTA) platforms.
Typical cases: online banking, e-wallet, mobile securities, and financial supermarkets.
Typical cases: governments and non-profit organizations
Typical cases: digital media publishers, self-publishing media, and news websites.
The security features provided by DCDN and related documentation are described in Table1: Security features (standard configuration)
|CDN and Anti-DDoS Premium integration||Enforce DDoS mitigation at the network layer.||Anti-DDoS Premium||Create a CDN or DCDN interaction rule|
|IP whitelists/blacklists||Access control based on client IP addresses.||DCDN||Configure an IP address blacklist or whitelist|
|Anti-DDoS Premium||Configure blacklists and whitelists for domain names|
|Region blacklists||Access control based on regions of requests.||DCDN||Configure blocked regions|
|Anti-DDoS Premium||Configure blocked regions for domain names|
|Access control||Access control based on HTTP fields.||DCDN||Configure access control policies|
|Anti-DDoS Premium||Configure accurate access control rules|
|Rate limiting||Mitigate DDoS attacks at the application layer.||DCDN||Configure rate limiting|
|Anti-DDoS Premium||Configure frequency control|
|Bot management||Block malicious bot requests to prevent behaviors such as data theft and credential stuffing.||DCDN||Configure bot traffic management|
|Web application protection||Prevent web application attacks and release virtual patches to mitigate zero-day attacks.||DCDN||Configure the protection rules engine|
(Optional) Web Application Firewall (WAF) features
- When the accelerated domain names are attacked and you cannot submit a ticket to change the protection configuration, you can use WAF to ensure service availability.
- The DCDN-WAF features are described in Table2 (WAF configuration). For each feature described in Table2 (WAF configuration), Table1 (standard configuration) lists corresponding configuration methods. If the standard configuration cannot meet your requirements, we recommend that you use the security features of WAF.
The following table describes configuration of WAF.
|IP address blacklists and whitelists||Access control based on client IP addresses.||Configure a blacklist|
|Region blacklists||Access control based on regions of requests.||Configure blocked regions|
|Access control||Access control based on HTTP fields.||Create a custom protection policy|
|Rate limiting||Mitigate DDoS attacks at the application layer.||Configure rate limiting|
|Bot management||Block malicious bot requests to prevent behaviors such as data theft and credential stuffing.||Set a bot threat intelligence rule|