How to configure a scenario-specific policy - Anti-DDoS - Alibaba Cloud Documentation Center

The Anti-DDoS Proxy scenario-specific policy feature lets you apply a dedicated policy template during periods of anticipated traffic surges, such as new service launches, major sales promotions, or stress tests. This policy runs independently of your standard mitigation policy to provide protection tailored to your business needs and prevent false positives.

Background

A scenario-specific policy uses a predefined policy template customized for a specific business scenario. To create one, you select a template and apply it to your protection targets, which can be domain names or IP addresses. The policy is active only during its specified validity period. During this period, DDoS protection for the selected targets is governed by the policy template, which temporarily overrides the standard mitigation policy.

Important

If your service is frequently attacked but does not experience significant traffic surges, we recommend using the standard mitigation policy. Do not enable a scenario-specific policy in this case.

Available policy templates

Currently, only the Major Events policy template is available. More scenario-based policy templates will be released in the future.

Example

During a major event, a website's traffic volume and patterns can differ significantly from normal operations. Under these conditions, a standard mitigation policy might misinterpret the traffic surge as an attack, leading to false positives. We recommend using the scenario-specific policy feature with the important activity template. This template automatically adjusts DDoS mitigation settings for the duration of the event. The adjustment logic is as follows:

At the start of the activity, the system records the current settings for Intelligent Protection and Frequency Control and then disables both features to prevent false positives.
At the end of the activity, the system automatically restores both features to their previous settings.
If you manually enable either feature during the activity, your manual configuration takes precedence.

Procedure

Log on to the Anti-DDoS Proxy console.
In the top navigation bar, select the region of your instance.
- Anti-DDoS Proxy (Chinese Mainland): Choose the Chinese Mainland region.
- Anti-DDoS Proxy (Outside Chinese Mainland): Choose the Outside Chinese Mainland region.
In the left-side navigation pane, choose Mitigation Settings > Custom Policies.
Click Create Scenario-specific Policy.

In the Create Scenario-specific Policy dialog box, configure the parameters and click OK. Specify a policy name (for example, SinglesDay_Sale), select a policy template (for example, important activity), and set the start and end times for the validity period.

Parameter	Description
Policy Name	A name for the policy. The name can contain letters, digits, and underscores (_), and must not exceed 128 characters.
Policy Template	Select the template to apply. Currently, only Major Events is available.
Validity Period	Select the time range when the policy is active. Note Policies that use the same policy template cannot have overlapping Validity Periods.

After you add a policy, it is enabled by default. You can view the new policy in the policy list and check its Status. The following table describes the policy statuses.

Pending Enabling: The current time is before the start of the validity period.
In effect: The policy is being applied. This process takes one to two minutes to complete.
Enabled: The policy is active because the current time is within the validity period.
Expired: The policy is no longer in effect because the validity period has ended.
Disabled: The policy is inactive and does not take effect, even within its validity period.

In the policy list, find the new policy and click Configure Objects in the Actions column.
From the list of domain names or IP addresses already added to Anti-DDoS Proxy, select the domain names or IP addresses for this policy, and then click OK.

Note
If your service is a website added by using a domain name, apply the policy to the domain name. If your service is a Layer 4 service added by using an IP address, apply the policy to the IP address.

In the selection panel, click the Domain or IP tab and select the checkboxes of the desired domain names or IP addresses.

After you apply the policy, the Protected Object information is automatically updated. You can hover over the entry in this column to view the specific domain names or IP addresses that the policy protects. The count in the protection target column updates to show the number of selected targets, such as 2.