edit-icon download-icon

4-Layer cleaning mode

Last Updated: Nov 05, 2018

Anti-DDoS Pro provides four 4-layer cleaning modes against the IP-level flow cleaning policies for your choice.

Note: Currently, cleaning mode change only supports CT/CU and International lines. Generally, new cleaning policies take effect several minutes after you change the cleaning mode.

  • Low: This mode uses loose cleaning policies with a relative large threshold of speed limit.

    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Applies easing restrictions on access IPs and destination IPs, mostly on the speed limit side.
  • Medium: The default Medium mode uses normal cleaning policies.

    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Applies restrictions on access IPs and destination IPs in a certain scope, mostly on the speed limit side.
    • UUnder circumstances, enables the reverse detection algorithm for the package filtering in a certain scope.
  • Emergency: This mode uses relative strict cleaning policies. It enables connection check for each IP to block IPs that have too many connections.

    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Discards UDP packages.
    • Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking and connection limits are enabled.
  • High: This mode uses strict cleaning policies. It enables the origin authentication algorithm for package filtering under certain conditions.

    • Filters packages with defining DDoS characteristics, such as UDP reflection attack packages and attack packages that do not meet TCP characteristics.
    • Filters defining SYN flood and ACK flood attacks.
    • Discards UDP packages.
    • Applies restrictions on access IPs and destination IPs in a certain scope. Speed limits, malicious IP blocking and connection limits are enabled.
    • Enables the reverse detection algorithm for the package filtering in a certain scope.
      Warning: As some clients may not response normally to this algorithm, partial normal requests can be blocked.

Procedure

By default, your Anti-DDoS Pro instance uses the Medium cleaning mode. You can change the 4-layer cleaning mode as you needed.

  1. Log on to the Anti-DDoS Pro console.

  2. Go to Asset>Instance List, choose an ISP line of an Anti-DDoS Pro instance, click Setting in the Protection Info column to go to the DDoS Attack Protection page for the instance.

    Note: You can also go to Protection>Setting>DDoS Attack Protection page, and manually locate the Anti-DDoS Pro instance.

    DDoS Attack Protection setting

  3. Click Cleaning Mode, locate the ISP line that you want to change the cleaning mode for, and click Change.

    Change the cleaning mode

  4. Click to select a cleaning mode, and then click OK.

    Select cleaning mode

    After several minutes, the selected cleaning mode takes effect.

Thank you! We've received your feedback.