Anti-DDoS Basic is a free service automatically enabled on select Alibaba Cloud products. It provides 500 Mbps to 5 Gbps of mitigation capability against network-layer (L3) and transport-layer (L4) DDoS attacks.
If a resource is frequently targeted, the platform adjusts its mitigation capability based on historical attack records to maintain platform stability.
How it works
Anti-DDoS Basic protects cloud resources through two mechanisms:
AI-based traffic analysis. Anti-DDoS Basic applies a default scrubbing threshold, which you can also configure manually. It continuously monitors inbound traffic using Alibaba Cloud's big data capabilities. Rather than relying on fixed thresholds alone, it learns normal traffic patterns and detects anomalies. Traffic scrubbing is triggered only when both conditions are met: the AI detects a DDoS attack, and inbound traffic reaches the BPS or PPS threshold you set. This dual-condition approach prevents false positives from normal traffic spikes.
Blackhole filtering. If an attack exceeds the mitigation capability (the blackhole triggering threshold), Alibaba Cloud temporarily blocks all inbound traffic to the affected resource. This contains the attack and prevents it from degrading other assets on the platform. For details, see Blackhole filtering policy of Alibaba Cloud.
Anti-DDoS Basic defends against network-layer and transport-layer attacks (L3/L4), such as UDP reflection attacks and SYN/ACK Flood attacks. It does not defend against application-layer attacks (L7), such as HTTP Flood attacks and CC attacks. Under certain conditions — including high-volume HTTP Flood or SYN Flood attacks, or traffic that exceeds platform specifications — service access may be affected even when Anti-DDoS Basic is active.
Protected cloud products
Anti-DDoS Basic is integrated into the following Alibaba Cloud products and enabled by default. It cannot be disabled.
Elastic Compute Service (ECS) instances
Server Load Balancer (SLB) instances
Elastic IP addresses (EIPs)
EIPs associated with a NAT gateway
IPv6 gateways
Simple application servers
Web Application Firewall (WAF) instances
Global Accelerator (GA) instances
Anycast EIPs
Supported regions
Area | Region |
Asia Pacific | Thailand (Bangkok), Philippines (Manila), Japan (Tokyo), Indonesia (Jakarta), Malaysia (Kuala Lumpur), South Korea (Seoul), Singapore, China (Hong Kong), China (Chengdu), China (Guangzhou), China (Heyuan), China (Shenzhen), China (Ulanqab), China (Hohhot), China (Zhangjiakou), China (Beijing), China (Qingdao), China (Fuzhou - Local Region), China (Nanjing - Local Region), China (Shanghai), China (Hangzhou) |
Europe and Americas | UK (London), Germany (Frankfurt), US (Virginia), US (Silicon Valley) |
Middle East | SAU (Riyadh - Partner Region), UAE (Dubai) |
Attack types and coverage
| Attack type | OSI layer | Mechanism | Covered by Anti-DDoS Basic |
|---|---|---|---|
| Network volumetric attacks | L3 | Consume server bandwidth by flooding the network with malformed packets or high-volume traffic (e.g., UDP reflection attacks) | Yes |
| Transport-layer flood attacks | L4 | Exhaust connection state by flooding protocol handshakes (e.g., SYN Flood attacks, ACK Flood attacks) | Yes |
| Application-layer attacks | L7 | Consume server processing capacity with requests that appear legitimate (e.g., HTTP Flood attacks, CC attacks, DNS Flood attacks) | No |
What's next
Adjust scrubbing thresholds. Customize the BPS and PPS thresholds at which traffic scrubbing is triggered. The maximum threshold depends on the specifications of your cloud product instance. See Set scrubbing thresholds and Cloud product specifications and scrubbing thresholds.
Check per-product blackhole thresholds. Review the blackhole filtering thresholds for each supported cloud product. See Thresholds that trigger blackhole filtering in Anti-DDoS Basic.
Upgrade your protection. If Anti-DDoS Basic does not meet your requirements, consider a paid product:
Anti-DDoS Origin — enhanced volumetric attack protection without changing your IP address. See What is Anti-DDoS Origin?
Anti-DDoS Proxy — scrubbing center-based protection for high-volume attacks and application-layer threats. See What is Anti-DDoS Proxy?
For help choosing, see Scenario-specific Anti-DDoS solutions.