The Intelligent Protection policy of Anti-DDoS Pro and Anti-DDoS Premium is enabled by default. This policy uses algorithms to learn the historical traffic patterns of protected services and then adjusts the traffic scrubbing policies of Layer 4 services to better safeguard the services. After your service is protected by Anti-DDoS Pro or Anti-DDoS Premium, the Intelligent Protection policy of the Normal level is enabled by default. If the Normal level cannot meet your requirements, you can set the level to Low or Strict as required.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is available. For more information, see Purchase Anti-DDoS Pro or Anti-DDoS Premium instances.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

To protect your services against Layer 4 DDoS attacks, both Anti-DDoS Pro and Anti-DDoS Premium support the Low, Normal, and Strict levels of Intelligent Protection. These levels are provided based on historical traffic patterns of services and technical experience from Alibaba Cloud attack and defense experts. The Intelligent Protection policy is enabled by default. The default protection level is Normal. You can change the level as required.

Intelligent Protection works based on historical traffic patterns. If this is your first time to set up an Anti-DDoS Pro or Anti-DDoS Premium instance to protect your services, it takes about three days for Anti-DDoS Pro or Anti-DDoS Premium to learn the traffic patterns in order to provide optimal protection.

Intelligent protection algorithms automatically add malicious IP addresses to a blacklist and drop all requests from these IP addresses within a specific time period. You can view IP addresses and remove them from the blacklist, or manually add IP addresses to the blacklist. You can also add IP addresses to a whitelist. This ensures that requests from these IP addresses are allowed. For more information, see Configure a blacklist or whitelist for destination IP addresses.
Note The Black Lists and White Lists (Destination IP) policy is available only for Anti-DDoS Pro.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.
  4. On the General Policies page, click the Protection for Non-website Services tab and select the target instance from the Select Instance drop-down list.
  5. In the Intelligent protection section, click Modify.Change the intelligent protection level
  6. In the Intelligent protection dialog box, set Level as required and then click OK.Scrubbing mode
    Protection levels are described as follows:
    • Low: At this level, Intelligent Protection automatically scrubs traffic from malicious IP addresses. It may not be able to block all Layer 4 volumetric attacks but has a low false positive rate.
    • Normal: At this level, Intelligent Protection automatically scrubs traffic from malicious and potentially malicious IP addresses. It is the default level. Intelligent Protection protects services against DDoS attacks while maintaining a low false positive rate at this level. We recommend that you use this level for most scenarios.
    • Strict: At this level, Intelligent Protection provides the strongest protection against DDoS attacks but may cause false positives.
    After the protection level is set, the Anti-DDoS Pro or Anti-DDoS Premium instance will protect services based on the configured level.