Intelligent protection uses algorithms to learn the historical traffic patterns of your protected services and automatically adjusts Layer 4 traffic scrubbing policies. After you add a service to Anti-DDoS Proxy, intelligent protection is enabled at the Normal level by default. Adjust the level when your business requires stronger defense or a lower false-positive rate.
Prerequisites
Before you begin, ensure that you have:
An Anti-DDoS Proxy (Chinese Mainland) or Anti-DDoS Proxy (Outside Chinese Mainland) instance. For purchase instructions, see Purchase an Anti-DDoS Proxy instance
How it works
Intelligent protection builds a traffic baseline from the historical traffic patterns of each protected service. Based on this baseline, it automatically adds malicious IP addresses to a blacklist and blocks all requests from those addresses for a specific period. You can view, add, and remove IP addresses in the blacklist, and add IP addresses to the whitelist to ensure their requests are always allowed.
If this is the first time your service is protected by Anti-DDoS Proxy, allow approximately three days for the system to learn your traffic patterns and establish a reliable baseline before protection reaches its optimal effectiveness.
Three protection levels are available. Each level represents a different trade-off between detection sensitivity and false-positive risk:
| Level | Sensitivity | False-positive risk | Best for |
|---|---|---|---|
| Loose | Low | Low | Services where minimizing disruption to legitimate traffic is the priority; may not block all Layer 4 volumetric attacks |
| Normal | Medium | Low | Most services — scrubs traffic from both malicious and suspicious IP addresses, balancing attack defense with a low false-positive rate (default; recommended for common scenarios) |
| Strict | High | Higher | Services under frequent or severe DDoS attacks that require maximum protection |
Note: To allow specific IP addresses regardless of the protection level, manage them in the blacklist and whitelist. See Configure the blacklist and whitelist (IP address-based) feature.
Set the protection level
Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
Anti-DDoS Proxy (Chinese Mainland): Select Chinese Mainland.
Anti-DDoS Proxy (Outside Chinese Mainland): Select Outside Chinese Mainland.
In the left-side navigation pane, choose Mitigation Settings > General Policies.
On the General Policies page, click the Protection for Non-website Services tab, then select your instance from the Select Instance drop-down list.
In the Intelligent Protection section, click Settings.
In the Intelligent Protection dialog box, select the Level that fits your requirements, then click OK.
After the protection level is changed, the instance protects services based on the configured level.
What's next
Configure the blacklist and whitelist (IP address-based) feature — manage IP-level exceptions for your intelligent protection policy