Accelerated domain names that are under DDoS attack may be added to a sandbox and become unavailable for a period of time. To prevent service interruptions, you can configure DDoS mitigation for domain names that are vulnerable to attacks or mission-critical. This way, Dynamic Content Delivery Network (DCDN) can detect and respond to DDoS attacks promptly and shield the domain names against attacks.
Normally, traffic is directly forwarded to POPs without passing through Anti-DDoS. If your domain name is under attack, traffic destined for your domain name is diverted to the scrubbing center nearest to users for scrubbing and then only the clean traffic is routed back to DCDN.
Worldwide protection against DDoS attacks
DDoS mitigation capacity of more than 1 Tbit/s
Acceleration and security both ensured
All-in-one service with intuitive configurations
AI-assisted HTTP (Layer 7) flood protection
DDoS mitigation is available only for customers whose clean bandwidth is no more than 10 Gbit/s or peak QPS is below 100,000. The clean bandwidth refers to the bandwidth of all domain names for which DDoS mitigation is enabled at the same time divided by QPS.
For example, if the peak bandwidth of domain A
1.example.comis 8 Gbit/s and the peak bandwidth of domain B
2.example.comis 3 Gbit/s, only one of the domains can be added for protection. If you enable DDoS mitigation for the two domains at the same time, services may be interrupted. To apply for support for higher bandwidth, submit a ticket.
DDoS mitigation is unavailable for the following types of domain names:
Domain names that use free SSL certificates. For information about how to query the source of a certificate, see How do I check whether a domain name uses a free certificate?
Domain names for which IPv6 is enabled.
Domain names for which Layer 4 acceleration is enabled. For more information, see What is IP Application Accelerator?
Domain names that are already added to Anti-DDoS Pro or Anti-DDoS Premium.
Enable DDoS mitigation
Log on to the DCDN console.
In the left-side navigation tree, choose DDoS Mitigation > Add Domain Name.
On the Add Domain Name page, click Activate DDoS Mitigation.
On the Anti-DDoS buy page, select an Anti-DDoS edition based on your business requirements.Note
You are charged for all outbound traffic generated for domain names with DDoS mitigation enabled based on the unit prices of outbound traffic and scrubbed traffic. For more information, see Billing of DDoS mitigation.
Configure mitigation rules
On the Add Domain Name page, click Add Domain Name.
In the Add Domain Name dialog box, configure the parameters according to the following table.
Protected Domain Names
The accelerated domain name that you want to protect.
The URI for health checks on the origin server. To ensure that the route to the Anti-DDoS scrubbing center is accessible (status code 200 is returned) if an attack occurs, enter the URI of the file that you can access in normal circumstances.
/represents the root directory of the domain name. Example:
DCDN probes the URL that you specified from time to time. If an exception is detected, traffic is forwarded to the scrubbing center and then routed back to DCDN only when the origin server becomes normal.
188.8.131.52 and 184.108.40.206 are used to probe your origin server. If an IP address whitelist is configured for your origin server, add the IP addresses to the whitelist to ensure that probing can work as expected.
Intelligent Cleansing (recommended): DCDN analyzes and determines when to divert traffic to a scrubbing center. If the attack is small, POPs mitigate the attack to improve acceleration performance. If the attack is large, DCDN diverts traffic to the nearest scrubbing center to filter malicious traffic and therefore ensure security. If you enable intelligent cleansing, intelligent HTTP flood protection (medium protection) and global mitigation policies (medium protection) are automatically enabled.
Custom QPS Threshold: This option is suitable for testing. You can specify a QPS threshold to test whether the access route works as expected after the traffic is forwarded to a scrubbing center. When the QPS reaches the threshold that you specified, traffic is diverted to a scrubbing center.
Valid values: 2000 to 50000
Default value: 20000
Modify DDoS mitigation settings or disable DDoS mitigation
On the Domain Names page, find the domain name for which you want to manage, and click Manage or Disable DDoS Mitigation in the Actions column to modify DDoS mitigation settings or disable DDoS mitigation. The change takes effect immediately.
If DDoS mitigation is not enabled for your domain name, DCDN has the right to add the domain name to a sandbox when an attack occurs and the bandwidth or QPS surges. For more information, see Introduction to sandboxes.
For information about DDoS attacks and impacts, see What is a DDoS attack?
Anti-DDoS Pro and Anti-DDoS Premium provide the CDN or DCDN interaction feature. For more information, see Use the CDN or DCDN interaction feature.