
DDoS defense policies for the non-web service

Last Updated: Feb 07, 2018

This article describes the DDoS defense policies provided by Anti-DDoS Pro for the non-web service. You can refer to this article to optimize the anti-DDoS protection settings of your non-web service.

How to optimize the anti-DDoS protection settings for a non-web service

The DDoS defense policies for the non-web service in Anti-DDoS Pro are based on IP and port protection. To relieve small-traffic connectivity attacks, you can set connection speed limits and packet length limits for the IPs and ports of the non-web services that are protected by Anti-DDoS Pro.

To set the DDoS defense policies for non-web service, follow these steps:

  1. Log on to the Alibaba Cloud Security console.

  2. Go to Anti-DDoS Service > Anti-DDoS Pro > Non-Web Service, select your Anti-DDoS Pro instance, and click Configure to set the DDoS defense policies.

  3. Set the defense policies based on the IP or port.

    Note: The defense policies are based on the port level.

    Configure DDoS defense policies

    Description of DDoS defense policies

    | Policy name | Description |
    | --- | --- |
    | False Sources or Null Session Connections | Defense against false sources and null session connections. This policy only applies to TCP rules. |
    | New Connection Speed Limits for Source IP | The maximum number of new connections per second from a single source IP. The new connections that exceed the limits are discarded. The new connection speed limits may have some deviation, because the protection device is deployed as clusters. |
    | Concurrent Connection Speed Limits for Source | The maximum number of concurrent connections from a single source IP. The connections that exceed the limits are discarded. |
    | New Connection Speed Limits for Destination IP | The maximum number of new connections per second to a single destination IP and port. The new connections that exceed the limits are discarded. The new connection speed limits may have some deviation, because the protection device is deployed as clusters. |
    | Concurrent Connection Speed Limits for Destination IP | The maximum number of concurrent connections to a single destination IP and port. The connections that exceed the limits are discarded. |
    | Packet Length Filtering | The length limit of payload included in packets (unit: byte). Packets that exceed the size limit are discarded. |
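The following Python sketch is an added example, not Alibaba Cloud code. It models the connection and packet length limits from the table so that candidate values can be replayed against a connection log before they are entered in the console. The function name, the policy labels, the one-second counting window, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# start/end in seconds; dst is an (ip, port) pair; payload_len in bytes.
Conn = namedtuple("Conn", "start end src dst payload_len")

def apply_policies(conns, src_new, src_conc, dst_new, dst_conc, max_payload):
    """Return {policy: [Conn, ...]} for connections the limits would discard.

    Assumptions of this model (not stated on the page): rates are counted in
    fixed one-second windows, only accepted connections count toward a limit,
    and an oversized payload discards the whole connection.
    """
    dropped = defaultdict(list)
    new_by_src = defaultdict(int)   # (src, second) -> accepted new connections
    new_by_dst = defaultdict(int)   # (dst, second) -> accepted new connections
    active = []                     # accepted connections that are still open
    for c in sorted(conns, key=lambda c: c.start):
        active = [a for a in active if a.end > c.start]
        sec = int(c.start)
        if c.payload_len > max_payload:
            reason = "packet_length"
        elif new_by_src[(c.src, sec)] >= src_new:
            reason = "src_new"
        elif sum(a.src == c.src for a in active) >= src_conc:
            reason = "src_concurrent"
        elif new_by_dst[(c.dst, sec)] >= dst_new:
            reason = "dst_new"
        elif sum(a.dst == c.dst for a in active) >= dst_conc:
            reason = "dst_concurrent"
        else:
            new_by_src[(c.src, sec)] += 1
            new_by_dst[(c.dst, sec)] += 1
            active.append(c)
            continue
        dropped[reason].append(c)
    return dict(dropped)

# Constructed sample traffic (documentation address ranges, not real data).
DST = ("192.0.2.1", 8000)
LEGIT = [Conn(t / 2, t / 2 + 5, "198.51.100.10", DST, 200) for t in range(6)]
BURST = [Conn(1 + i / 100, 31 + i / 100, "203.0.113.5", DST, 200) for i in range(20)]
BIG = [Conn(2.2, 3.2, "198.51.100.20", DST, 4000)]

if __name__ == "__main__":
    result = apply_policies(LEGIT + BURST + BIG, 5, 10, 100, 100, 1400)
    for policy, conns in result.items():
        print(policy, len(conns), sorted({c.src for c in conns}))
```

Replaying only the legitimate sample with a tighter concurrent limit (3 instead of 10) shows the opposite failure: the limit starts discarding the legitimate client's own connections.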