Anti-DDoS Proxy is more stable and easier to deploy than traditional DDoS mitigation solutions. It defends against DDoS attacks at the network, transport, and application layers, backed by more than 20 Tbps of global network capacity. It uses high-quality Border Gateway Protocol (BGP) networks and intelligent protection engines to deliver precise, automated mitigation with up to 99.95% scrubbing service availability.
Easy deployment
Connect services to Anti-DDoS Proxy using domain names or ports. The process takes up to five minutes and requires no hardware or software installation and no router configuration.
Massive protection bandwidth
Anti-DDoS Proxy is backed by more than 20 Tbps of network capacity globally, including more than 5 Tbps outside the Chinese mainland. This capacity covers attacks at the network layer, transport layer, and application layer.
Attack coverage
Anti-DDoS Proxy detects and mitigates attacks across OSI layers:
| OSI layer | Attack class | Examples |
|---|---|---|
| L3/L4 | Volumetric DDoS attacks | Network congestion attacks that exhaust bandwidth and make data centers unavailable |
| L7 | Resource exhaustion DDoS attacks | HTTP flood attacks that overwhelm application-layer services |
Volumetric attack protection uses proxy, detection, rebound, authentication, blacklist, whitelist, and packet compliance technologies. IP reputation investigation, near-origin traffic scrubbing, and in-depth packet analysis of network fingerprints, user behavior, and content characteristics work together to block and filter threats based on custom rules—keeping protected services available even under continuous attack.
Resource exhaustion attack protection uses intelligent protection engines that defend against HTTP flood attacks through a six-step process:
Learn traffic patterns to build traffic characteristics.
Dynamically generate normal service baselines.
Quickly detect unusual traffic and characteristics.
Automatically analyze attack characteristics.
Automatically generate multi-dimensional protection policies.
Dynamically apply or cancel protection policy instructions.
The engines also support URL-level threat filtering at custom frequencies to improve the protection success rate, protection efficiency, and work efficiency of O&M personnel.
Anti-DDoS Proxy provides precise protection against attacks targeting transactions, encryption services, Layer 7 applications, smart terminals, and online services.
Intelligent protection
Anti-DDoS Proxy automatically optimizes protection algorithms and learns service traffic baselines from the analysis of volumetric and resource exhaustion DDoS attacks. This enables Anti-DDoS Proxy to identify malicious IP addresses, scrub traffic, and filter out attack traffic.
Burstable protection
Anti-DDoS Proxy supports burstable protection. Configure burstable protection directly in the Anti-DDoS Proxy console—settings take effect within seconds with no additional devices required. Services remain uninterrupted throughout, and you do not need to make any adjustments to your services.
Origin server security
Anti-DDoS Proxy hides the IP addresses of origin servers, preventing attackers from identifying and directly targeting them.
Stability and high availability
Anti-DDoS Proxy uses high-availability network protection clusters to eliminate single points of failure. The processing capabilities of Anti-DDoS Proxy can be scaled up, and automatic attack detection and policy matching enable real-time protection with a scrubbing service availability of up to 99.95%.
The following mechanisms keep the service running under adverse conditions:
Scrubbing center monitoring: Continuously monitors inbound traffic and the CPU and memory resources of all servers in the traffic scrubbing centers.
Server engine monitoring: Monitors engine availability and applies automatic disconnection and recovery mechanisms.
Back-to-origin link redundancy: Monitors back-to-origin link availability and automatically switches to secondary links when primary links are unstable.
Origin server health checks: Performs health checks on protected origin servers and forwards traffic to an available server if one is not running at optimal capacity. Also monitors HTTP status codes and initiates back-to-origin or switchover operations when errors are detected.
Traffic scheduling
Anti-DDoS Proxy schedules traffic based on cloud service-specific security events and DNS resolution. When no DDoS attacks are occurring, Anti-DDoS Proxy stays dormant and service traffic flows directly to the origin server. When an attack is detected, Anti-DDoS Proxy automatically activates DDoS mitigation. Configure custom scheduling templates to automate traffic scheduling based on your business requirements.