This topic describes the DDoS defense policies provided by Anti-DDoS Pro for the non-web service. You can refer this topic to optimize your non-web service’s anti-DDoS protection settings.

The DDoS defense policies for the non-web service in Anti-DDoS Pro is based on the IP and port protection. You can set the speed limit of connections and the length limit of packets for your IPs and ports of the non-web services that are protected by Anti-DDoS Pro, to relieve small-traffic connectivity attacks.

To set the DDoS defense policies for non-web service, follow these steps:

Log on to the Anti-DDoS Pro console. Go to Access > Non-Web Service, select your anti-DDoS pro instance, and click Configure to set the DDoS defense policies.

Note The defense policies are based on the port level.


Description of DDoS defense policies

Policy name Description
False Sources or Null Session Connections Defense against false sources and null session connections. This policy only applies to TCP rules.
New Connection Speed Limits for Source IP The maximum number of new connections per second from a single source IP. The new connections that exceed the limits are discarded. The new connection speed limits may have some deviation, because the protection device is deployed as clusters.
Concurrent Connection Speed Limits for Source The maximum number of concurrent connections from a single source IP. The connections that exceed the limits are discarded.
New Connection Speed Limits for Destination IP The maximum number of new connections per second to a single destination IP and port. The new connections that exceed the limits are discarded. The new connection speed limits may have some deviation, because the protection device is deployed as clusters.
Concurrent Connection Speed Limits for Destination IP The maximum number of concurrent connections to a single destination IP and port. The connections that exceed the limits are discarded.
Packet Length Filtering The length limit of payload included in packets (unit: byte). Packets that exceed the size limit are discarded.