All Products
Search

This Product

    Anti-DDoS:Configure the intelligent protection feature for Layer-4 services

    Document Center

    Anti-DDoS:Configure the intelligent protection feature for Layer-4 services

    Last Updated:May 29, 2026

    By default, the intelligent protection feature is enabled. This feature uses algorithms to learn historical traffic patterns of protected services and adjusts traffic scrubbing policies at Layer 4 to better safeguard the services. After your services are protected by Anti-DDoS Proxy, intelligent protection of the normal level is enabled by default. If the normal-level protection cannot meet your requirements, you can set the level to Low or Strict as required.

    Prerequisites

    An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance is purchased. For more information, see Purchase an Anti-DDoS Proxy instance.

    Background information

    To protect your services against Layer 4 DDoS attacks, Anti-DDoS Proxy supports the loose, normal, and strict levels of intelligent protection. The levels are provided based on historical traffic patterns of services and technical experience of Alibaba Cloud security experts. By default, intelligent protection is enabled, and the protection level is set to Normal. You can change the level based on your business requirements.

    Intelligent protection works based on historical traffic patterns. If you use an Anti-DDoS Proxy instance to protect your services for the first time, it takes about three days for Anti-DDoS Proxy to learn the traffic patterns and provide optimal protection.

    Intelligent protection algorithms automatically add malicious IP addresses to a blacklist and block all requests from these IP addresses within a specific time period. You can view, add, and remove IP addresses in the blacklist. You can also add IP addresses to the whitelist. This ensures that requests from these IP addresses are allowed. For more information, see Configure the blacklist and whitelist (IP address-based) feature.

    Procedure

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select the region of your instance.

      • Anti-DDoS Proxy (Chinese Mainland): Choose the Chinese Mainland region.

      • Anti-DDoS Proxy (Outside Chinese Mainland): Choose the Outside Chinese Mainland region.

    3. In the left-side navigation pane, choose Mitigation Settings > General Policies.

    4. On the General Policies page, click the Protection for Non-website Services tab. Then, select the Anti-DDoS Proxy instance you want to configure at the top of the page.

    5. In the Intelligent Protection section, click Settings.

    6. In the Intelligent Protection dialog box, select a protection Level based on the current attack situation. Then, click OK.

      Description of protection levels:

      • Loose: Automatically scrubs traffic from IP addresses with clear malicious patterns. This level has a low rate of false positives but may not block all Layer 4 attacks.

      • Normal: Automatically scrubs traffic from both clearly malicious and suspicious IP addresses. This is the default level and provides a balance between protection effectiveness and the risk of false positives. We recommend using this level for most situations.

      • Strict: Provides the strongest defense against ongoing attacks but may have a higher risk of blocking legitimate traffic (false positives).

    7. After you change the protection level, the Anti-DDoS Proxy instance immediately applies the new setting.