Anti-DDoS Proxy (Outside Chinese Mainland) uses a two-part pricing model: a subscription fee covers the instance plan and any extended specifications you purchase upfront, while a pay-as-you-go fee covers burstable usage charged after each billing cycle.
Total cost = Subscription fee (instance fee + extended specification fee) + Pay-as-you-go fee (burstable usage fee)Choose a plan
Both plans protect services hosted outside the Chinese mainland. The key difference is how many advanced mitigation sessions are included each month.
Advanced mitigation integrates the full scrubbing capacity of all Anti-DDoS scrubbing centers in the current Alibaba Cloud region to defend against volumetric DDoS attacks. For details, see Advanced mitigation.
| Dimension | Insurance2,630 USD/month | UnlimitedUSD per port-monthUSD per QPS-monthUSD 11,560 per month |
|---|---|---|
| Advanced mitigation sessions per month | 2 sessions | Unlimited sessions |
| When sessions run out | Purchase additional sessions. See Billing of global advanced mitigation sessions. | Not applicable |
| Best for | Low attack frequency — servers and customers outside the Chinese mainland | High attack frequency or maximum business continuity — both servers and users outside the Chinese mainland |
Subscription pricing
Base instance prices
The following prices apply to instances with minimum specifications. Actual transaction prices on the buy page prevail.
| Insurance | Unlimited | |
|---|---|---|
| Monthly price | USD 2,630 | USD 11,560 |
Minimum specifications included at the base price:
| Specification | Insurance | Unlimited | Notes |
|---|---|---|---|
| Clean bandwidth | 50 Mbps | 20 Mbps | Maximum throughput when no attack is in progress. Scalable. |
| Clean QPS | 500 | 1,000 | Maximum concurrent HTTP/HTTPS requests per second when no attack is in progress. Scalable. If actual QPS exceeds the clean QPS limit, packet loss may occur and full logs may not be recorded. |
| Function plan | Standard function plan | Standard function plan | Anti-DDoS Proxy supports Standard and Enhanced function plans. See Differences between the Standard and Enhanced function plans. |
| Protected domain names | 10 | 10 | Number of HTTP/HTTPS domain names that can be added. Scalable. Every 10 additional domain names allow one additional top-level domain. |
| Ports | 5 | 5 | Number of TCP/UDP ports supported. Scalable. |
| 95th Percentile Burstable Clean Bandwidth | Disabled | Disabled | Available as an add-on pay-as-you-go feature. |
| 95th percentile burstable QPS | Disabled | Disabled | Available as an add-on pay-as-you-go feature. |
Extended specification pricing
Purchase additional resources when your requirements exceed the base specifications.
Clean bandwidth
Tiered pricing applies. See the buy page for current rates.
Clean QPS
| Clean QPS range | Unit price (USD/QPS-month) |
|---|---|
| Insurance: 0–500 / Unlimited: 0–1,000 | 0 |
| Insurance: 500–5,000 / Unlimited: 1,000–5,000 | 1.5 |
| 5,000–8,000 | 1.425 |
| 8,000–10,000 | 1.35 |
| 10,000–50,000 | 1.275 |
| 50,000–100,000 | 1.05 |
Example: Insurance instance with Clean QPS set to 6,000.
| Tier | QPS units | Unit price | Subtotal |
|---|---|---|---|
| 0–500 QPS (included) | 500 | USD 0 | USD 0 |
| 500–5,000 QPS | 4,500 | USD 1.5 | USD 6,750 |
| 5,000–6,000 QPS | 1,000 | USD 1.425 | USD 1,425 |
| Total | USD 8,175 |
Function plan
Upgrade to the Enhanced function plan for USD 1,200/month. The Enhanced function plan improves service access and DDoS attack mitigation capabilities compared to the Standard function plan.
Protected domain names
| Domain name count | Standard function plan (USD/domain-month) | Enhanced function plan (USD/domain-month) |
|---|---|---|
| 0–10 | 0 | 0 |
| 10–500 | 4.5 | 7.5 |
| 500–1,000 | 4.1 | 7 |
| 1,000–5,000 | 3.7 | 6.5 |
| 5,000–10,000 | 3.2 | 5.8 |
| 10,000–20,000 | 2.7 | 4.5 |
Example: Insurance instance with the Standard function plan and 600 protected domain names.USD per domain name-monthUSD per domain name-month
| Tier | Domain count | Unit price | Subtotal |
|---|---|---|---|
| 0–10 domains (included) | 10 | USD 0 | USD 0 |
| 10–500 domains | 490 | USD 4.5 | USD 2,205 |
| 500–600 domains | 100 | USD 4.1 | USD 410 |
| Total | USD 2,615 |
Ports
| Port count | Unit price (USD/port-month) |
|---|---|
| 0–5 | 0 |
| 5–50 | 30 |
| 50–100 | 26 |
| 100–500 | 22 |
| 500–1,500 | 18 |
Example: Insurance instance with 80 ports.
| Tier | Port count | Unit price | Subtotal |
|---|---|---|---|
| 0–5 ports (included) | 5 | USD 0 | USD 0 |
| 5–50 ports | 45 | USD 30 | USD 1,350 |
| 50–80 ports | 30 | USD 26 | USD 780 |
| Total | USD 2,130 |
Pay-as-you-go pricing
The following features are billed pay-as-you-go based on daily or monthly usage. Both are disabled by default and can be enabled on the buy page.
| Feature | Billing method | Description |
|---|---|---|
| 95th Percentile Burstable Clean Bandwidth | Pay-as-you-go, by day or by month | Provides additional clean bandwidth during traffic spikes, preventing service throttling when traffic exceeds the instance's clean bandwidth limit. See Billing of the burstable clean bandwidth feature. |
| 95th percentile burstable QPS | Pay-as-you-go, by day or by month | Provides additional QPS during traffic spikes, preventing service throttling when QPS exceeds the instance's clean QPS limit. See Billing of the burstable QPS feature. |
Expiration and release policy
Switch your service traffic back to the origin server at least seven calendar days before expiration to avoid service disruptions.
Website services: Remove the CNAME record pointing to the Anti-DDoS instance.
Non-website services: Stop using the exclusive IP address of the Anti-DDoS instance.
| Time period | Service traffic forwarding | Instance configuration |
|---|---|---|
| Within 7 calendar days after expiration | Forwarding continues, but the blackhole filtering threshold drops to 5 Gbps. If combined service traffic and attack traffic exceeds 5 Gbps, blackhole filtering is triggered. | Retained |
| Day 7 (inclusive) to Day 15 (exclusive) after expiration | Stopped | Retained |
| Day 15 after expiration | Stopped | Instance released; configuration retained |
| 1 month after release | Not applicable | If this is the last Anti-DDoS instance under your account, all configurations are permanently deleted and cannot be recovered. Otherwise, the configuration is retained. |
Overdue payments
Your account has an overdue payment when the available balance — including cash, coupons, and vouchers — is insufficient to cover the outstanding bill. Top up your account promptly to prevent service interruptions.
Renewal policy
Renew instances manually or set up automatic renewal. See Renew an instance.
Refund policy
Refunds are not available after purchase.
Bill query
Query your bills in the Expenses and Costs console. See Overview of monthly bills.