Alibaba Cloud Dynamic Route for CDN (DCDN) integrates Anti-DDoS to protect accelerated domain names from distributed denial of service (DDoS) attacks. This topic describes how to enable DDoS mitigation in the console.

Background information

Note If your SSL certificate is a free certificate, you cannot enable DDoS mitigation.

Attackers use multiple compromised or controlled machines to generate a large number of packets or requests, which ultimately overwhelms the victim and causes the victim to stop responding. Alibaba Cloud Anti-DDoS service can help you prevent potential DDoS attacks, reduce business losses, and ensure business stability and availability.

To mitigate DDoS attacks, you can enable the DDoS mitigation feature. When the system detects a DDoS attack, it automatically routes the traffic from DCDN to DDoS mitigation. After the attack, the Alibaba Cloud Anti-DDoS system automatically switches the traffic back to DCDN.

This feature is applicable to various scenarios. The following section provides a few typical examples:
  • Finance

    Ensures the availability of services and improves user experience across the globe. Protects user information, transactions, and data assets to minimize losses caused by attacks.

  • Retail

    Accelerates content delivery for enterprise websites, e-commerce and ticketing platforms, and collaborative software. Mitigates attacks to ensure business availability.

  • Media

    Accelerates the delivery of media content. Provides protection to avoid service disruptions caused by traffic spikes or attacks.

Apply to enable DDoS mitigation

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click DDoS Mitigation > Domain Names.
  3. Click Activate Now to join the DingTalk group (32615821) to request customer support.

Configure mitigation rules

You can set different QPS thresholds for each domain name based on your business requirements to enable DDoS mitigation at different times.

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click DDoS Mitigation > Domain Names.
  3. On the Domain Names page, click DDos Mitigation Disabled tab, select the domain name that you want to enable, and click Activate Now.
  4. Set QPS Threshold.
  5. Click OK.
    DCDN enables DDoS mitigation based on the following logic:
    • DCDN determines whether DDoS attacks occur.
    • DCDN determines whether DDoS mitigation is enabled based on the specified QPS threshold.

Modify DDoS mitigation settings or disable DDoS mitigation

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click DDoS Mitigation > Domain Names.
  3. On the Domain Names tab, click the DDoS Mitigation Enabled tab.
  4. On the DDoS Mitigation Enabled tab, you can modify DDoS mitigation settings or disable DDoS mitigation.
    • Modify DDoS mitigation settings.

      Select the domain name that you want to modify and click Configure to modify the QPS threshold.

    • Disable DDoS mitigation.

      Select the domain name that you want to disable and click Disable.

  5. Click OK.