Anti-DDoS Proxy is more stable and easier to deploy than traditional DDoS mitigation solutions. Anti-DDoS Proxy leverages high-quality Border Gateway Protocol (BGP) networks and intelligent protection technologies to provide strong and precise protection with high availability.
Easy deployment
You can connect your services to Anti-DDoS Proxy by using domain names or ports. The process requires up to five minutes. You do not need to install hardware or software or configure routers.
Massive protection bandwidth
Anti-DDoS Proxy is backed by more than 20 Tbps of network capacity around the world, including more than 5 Tbps of capacity outside the Chinese mainland. Anti-DDoS Proxy protects servers against DDoS attacks at the network layer, transport layer, and application layer.
Precise protection
Anti-DDoS Proxy provides precise protection against various attacks on transactions, encryption services, Layer 7 applications, smart terminals, and online services.
Intelligent protection
Anti-DDoS Proxy automatically optimizes protection algorithms and learns service traffic baselines from the protection analysis of volumetric and resource exhaustion DDoS attacks. This enables Anti-DDoS Proxy to identify malicious IP addresses, scrub traffic, and filter out attack traffic.
Burstable protection
Anti-DDoS Proxy supports burstable protection. You can configure this feature in the Anti-DDoS Proxy console. The settings take effect within seconds, and you do not need to install additional devices. Your services are not interrupted during the process. Therefore, you do not need to make any adjustments to your services.
Origin server security ensured
Anti-DDoS Proxy hides the IP addresses of origin servers. This way, attackers cannot identify the address of your origin server. This increases the security of your origin server.
Protection against volumetric DDoS attacks
Volumetric DDoS attacks at the transport layer congest networks, leave data centers unavailable, interrupt your services, or even make the services stop responding. Based on technologies such as proxy, detection, rebound, authentication, blacklist, whitelist, and packet compliance, Anti-DDoS Proxy implements IP reputation investigation, near-origin traffic scrubbing, and in-depth packet analysis of network fingerprints, user behavior, and content characteristics. These technologies block and filter out threats based on custom rules. This enables the protected services to provide external services even under continuous attacks.
Protection against resource exhaustion DDoS attacks (HTTP flood attacks)
Anti-DDoS Proxy integrates intelligent protection engines to protect against resource exhaustion DDoS attacks when application-layer services are interrupted under attacks. Anti-DDoS Proxy also supports URL-level threat filtering at custom frequencies to improve the protection success rate, protection efficiency, and work efficiency of O&M personnel. Intelligent protection engines provide effective protection by:
Learning your traffic to obtain traffic characteristics.
Dynamically generating normal service baselines.
Quickly discovering unusual traffic and characteristics.
Automatically participating in the analysis of attack characteristics.
Automatically generating a combination of multi-dimensional policies.
Dynamically executing or canceling protection policy instructions.
Stability and high availability
Anti-DDoS Proxy uses high-availability network protection clusters to prevent single points of failure and redundancy. The processing capabilities of Anti-DDoS Proxy can be scaled up. Anti-DDoS Proxy also offers automatic detection and attack policy matching to provide real-time protection and a scrubbing service availability of up to 99.95%.
Anti-DDoS Proxy monitors the inbound traffic of traffic scrubbing centers and the CPU and memory resources of all servers in the traffic scrubbing centers. This helps ensure the availability of the traffic scrubbing centers. Anti-DDoS Proxy also monitors the availability of server engines and has automatic disconnection and recovery mechanisms of the servers.
Anti-DDoS Proxy monitors the availability of back-to-origin links, and automatically switches to secondary links when primary links are unstable. This ensures link availability.
Anti-DDoS Proxy performs health checks on protected origin servers. If an origin server is not running at optimal capacity, the service traffic is forwarded to another origin server. Anti-DDoS Proxy also monitors the HTTP status codes of origin servers and initiates back-to-origin or switchover operations when errors are detected.
Traffic scheduling
Anti-DDoS Proxy schedules traffic based on cloud service-specific security events and DNS resolution. If no DDoS attacks occur, Anti-DDoS Proxy is dormant, and service traffic is directly forwarded to the origin server. If DDoS attacks occur, Anti-DDoS Proxy automatically enables DDoS mitigation. You can configure custom scheduling templates of Anti-DDoS Proxy to automatically schedule DDoS mitigation based on your business requirements.