Secure Dynamic Route for CDN (Secure DCDN) provides protection for DCDN nodes. Secure DCDN can accelerate content delivery and ensure edge security for the following industries: e-commerce, finance, public sector, and media.

Scenarios

Industry Requirement
E-commerce
  • Accelerate the delivery of static and dynamic content about goods.
  • Resolve common issues, such as slow response and high loads on origin servers, during flash sales and promotion events.
  • Mitigate DDoS attacks to ensure service availability.
  • Prevent bots from crawling goods information or making purchases during sales promotions.
  • Secure user accounts.

Typical cases: e-commerce platforms, airline companies, and online travel agency (OTA) platforms.

Finance
  • Ensure superior user experience and smooth interactions in all geographic areas regardless of what devices are used.
  • Support elastic scaling to meet the growing number of requests from different regions.
  • Ensure fast, stable, and secure online payments.
  • Prevent service interruptions caused by DDoS attacks.
  • Secure user accounts.

Typical cases: online banking, e-wallet, mobile securities, and financial supermarkets.

Public sector
  • Refresh cache in a timely manner.
  • Handle traffic spikes and large numbers of concurrent requests during important events.
  • Maintain the website credibility by preventing content tampering.
  • Mitigate DDoS attacks.
  • Prevent vulnerability exploitation and data leakage.

Typical cases: governments and non-profit organizations

Media
  • Cache a large amount of image and text content.
  • Accelerate page loading for better user experience.
  • Refresh cache and update outdated content in a timely manner.
  • Deliver personalized content to interest readers.
  • Support a larger number of concurrent requests to stream or download videos.
  • Secure payment accounts.
  • Prevent content leakage and data theft caused by malicious behaviors, such as web crawlers, hotlinking, and video piracy.

Typical cases: digital media publishers, self-publishing media, and news websites.

Security features

The security features provided by DCDN and related documentation are described in Table1: Security features (standard configuration)

Note Typically, the security configuration of DCDN takes effect when requests are redirected to DCDN. When the accelerated domain names are attacked, the security configuration of Anti-DDoS Premium takes effect. Therefore, you must configure the security features in the DCDN and Anti-DDoS Premium consoles.
Table 1. Security features (standard configuration)
Feature Purpose Console Reference
CDN and Anti-DDoS Premium integration Enforce DDoS mitigation at the network layer. Anti-DDoS Premium Create a CDN or DCDN interaction rule
IP whitelists/blacklists Access control based on client IP addresses. DCDN Configure an IP address blacklist or whitelist
Anti-DDoS Premium Configure blacklists and whitelists for domain names
Region blacklists Access control based on regions of requests. DCDN Configure blocked regions
Anti-DDoS Premium Configure blocked regions for domain names
Access control Access control based on HTTP fields. DCDN Configure access control policies
Anti-DDoS Premium Configure accurate access control rules
Rate limiting Mitigate DDoS attacks at the application layer. DCDN Configure rate limiting
Anti-DDoS Premium Configure frequency control
Bot management Block malicious bot requests to prevent behaviors such as data theft and credential stuffing. DCDN Configure bot traffic management
Web application protection Prevent web application attacks and release virtual patches to mitigate zero-day attacks. DCDN Configure the protection rules engine

(Optional) Web Application Firewall (WAF) features

Scenarios:
  • When the accelerated domain names are attacked and you cannot submit a ticket to change the protection configuration, you can use WAF to ensure service availability.
  • The DCDN-WAF features are described in Table2 (WAF configuration). For each feature described in Table2 (WAF configuration), Table1 (standard configuration) lists corresponding configuration methods. If the standard configuration cannot meet your requirements, we recommend that you use the security features of WAF.
Notice WAF filters back-to-origin requests to protect origin servers. Requests for static content are not filtered by WAF because static content is already cached by CDN and does not need to be retrieved from origin servers. If you configure a blocking rule in the WAF console, requests for static content are processed by CDN without being redirected to origin servers. Therefore, the blocking rule does not apply to requests for static content. However, you are charged for resources consumed by WAF.

The following table describes configuration of WAF.

Table 2. Security features (WAF configuration)
Feature Purpose Reference
IP address blacklists and whitelists Access control based on client IP addresses. Configure a blacklist
Region blacklists Access control based on regions of requests. Configure blocked regions
Access control Access control based on HTTP fields. Create a custom protection policy
Rate limiting Mitigate DDoS attacks at the application layer. Configure rate limiting
Bot management Block malicious bot requests to prevent behaviors such as data theft and credential stuffing. Set a bot threat intelligence rule