After you switch traffic of your service to an Anti-DDoS Pro or Anti-DDoS Premium instance, you can view protection information in real time on the Security Overview page in the Anti-DDoS Pro or Anti-DDoS Premium console.

Background information

The Security Overview page provides an overview of the following information:
  • Service metrics: clean bandwidth, clean queries per second (QPS), connections per second (CPS), protected domain names, and protected ports
  • Attack events: volumetric DDoS attacks, connection flood attacks, and resource exhaustion attacks
  • Alerts on exceeded upper limits: alerts that are generated if the clean bandwidth, new connections, or concurrent connections exceed the purchased specifications of the instance.

Prerequisites

Your service is added to an Anti-DDoS Pro or Anti-DDoS Premium instance. For more information, see Add a website or Manage forwarding rules.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, click Security Overview.
  4. Optional: In the upper-right corner, turn on Traffic Flow Diagram to view the background information and concepts.
    Traffic Flow Diagram shows the relationship between origin servers and Anti-DDoS Pro or Anti-DDoS Premium instances, terms, and commonly used units.
  5. Click the Instances tab, select one or more instances, and then specify a time range to view the relevant information.
    You can click Real-time, 6 Hours, 1 Day, 7 Days, or 30 Days to query the relevant information. You can also specify a custom time range to query information within the last 30 days.
    Parameter Description
    Bandwidth
    • Anti-DDoS Pro provides the Bandwidth trend chart to show traffic information by bps or pps. You can view the trends of inbound, outbound, and attack traffic of an instance for a specific time range.
    • Anti-DDoS Premium provides the Overview tab to show bandwidth trends and the Inbound Distribution tab to show the distribution of inbound traffic. Anti-DDoS Premium also provides the Outbound Distribution tab to show the distribution of outbound traffic.
    Note The displayed time granularities in trend charts on the Security Overview page vary based on the specified time ranges:
    • If the time range is no greater than 1 hour, the granularity is 1 minute.
    • If the time range is greater than 1 hour and no greater than 6 hours, the granularity is 5 minutes.
    • If the time range is greater than 6 hours and no greater than 24 hours, the granularity is 10 minutes.
    • If the time range is greater than 1 day and no greater than 7 days, the granularity is 30 minutes.
    • If the time range is greater than 7 days and no greater than 15 days, the granularity is 1 hour.
    • If the time range is greater than 15 days and no greater than 30 days, the granularity is 6 hours.
    Attack Events and Alerts on Exceeded Upper Limits
    • Attack Events

      You can move the pointer over an IP address or a port to view the details of an attack, such as Attack Target, Attack Type, Peak Attack Traffic, and Protection Effect.

    • Alerts on Exceeded Upper Limits

      The following event types of alerts are supported: clean bandwidth, new connections, and concurrent connections. If the purchased specification that corresponds to an event type is exceeded, an alert of this event type is generated. The event status includes alert and rate limit. You can click Details in the Status column of an alert to go to the System Logs page to view the details of the alert.

      • Alert: An alert of this event type indicates that the upper limit of a purchased specification is exceeded. Currently, your service is not affected. We recommend that you perform an upgrade. For more information, see Upgrade an instance.
      • Rate Limit: An alert of this event type indicates that the upper limit of a purchased specification is exceeded and rate limiting is triggered. Your service is adversely affected. We recommend that you perform an upgrade. For more information, see Upgrade an instance.
      Note The alerts on exceeded upper limits are updated at 10:00 (UTC+8) every Monday. The alerts that are displayed are the alerts that were generated on the previous day. If you configure a notification method, such as internal messages, text messages, or emails, you will receive a notification at 10:00 (UTC+8) every Monday. The notification includes the alerts that were generated on the previous day.
    Number of connections
    • Concurrent Connections: the total number of concurrent TCP connections established between clients and the instance
      • Active: the number of TCP connections in the Established state
      • Inactive: the number of TCP connections in all states except the Established state
    • New Connections: the number of new TCP connections established between clients and the instance per second
    Note If you select an instance, the Connections trend chart shows the numbers of connections on different ports. If you select more than one instance, the Connections trend chart shows the total number of connections on all ports.
    Source Locations and Source Service Providers
    • Source Locations: the distribution of source locations from which normal traffic is sent. Source locations are classified by Global and Chinese Mainland.
    • Source Service Providers: the distribution of Internet service providers (ISPs) from which normal traffic is sent.
  6. Click the Domains tab, select one or more domains, and then specify a time range to view the relevant metrics.
    You can click Real-time, 6 Hours, 1 Day, 7 Days, or 30 Days to query the relevant information. You can also specify a custom time range to query information within the last 30 days.
    Parameter Description
    Requests

    The trend of requests is displayed based on the peak values in a specific time range. The displayed time granularity varies based on the specified time range.

    Mitigation Events:

    You can move the pointer over a domain to view the details of an attack, such as Domains, Peak Attack Traffic, and Attack Type.

    Response Codes
    The trend chart of the accumulated numbers of requests with specific status codes within a specific time range. Description of status codes:
    • 2XX: The request is successfully received, understood, and accepted by the server.
      Note Statistics on 2XX status codes include the statistics on status code 200.
    • 200: The request succeeded.
    • 3XX: The client must perform further operations to complete the request. In most cases, a 3XX status code indicates redirection.
    • 4XX: The client may be faulty, which interrupts server processing.
    • 404: The server cannot be accessed.
    • 5XX: An error or an exception occurred when the server processed the request.
    • 502: Anti-DDoS Pro or Anti-DDoS Premium attempts to process the request as a proxy server, but it receives invalid responses from the upstream server.
    • 503: The server may be overloaded or in temporary maintenance and cannot process the request.
    • 504: Anti-DDoS Pro or Anti-DDoS Premium attempts to process the request as a proxy server, but it does not receive responses from the upstream server in a timely manner.
    Source Locations
    The distribution of source locations from which requests are sent.
    Most Requested URIs and Slow Loading URIs
    • Most Requested URIs: the top five most requested URIs. The URIs are displayed in descending order. You can click More to view the total number of requests for each URI.
    • Slow Loading URIs: the top five URIs based on the response time, in milliseconds. The URIs are displayed in descending order. You can click More to view the response time of each URI.
    Cache Hit Rate

    You can view the trend chart of cache hit rates only after you enable the static page caching feature. For more information, see Anti-DDoS Lab.
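
To cross-check the Response Codes trend chart against your own origin access logs, the following added example (not Alibaba Cloud code) groups requests into buckets of the chart granularity listed in the note on trend charts and counts them per status-code series. The sample records are constructed, and counting 404, 502, 503, and 504 inside their class series is an assumption that extends what the page states for 200 and 2XX.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Chart granularity rules from the note above: (longest range, bucket size).
GRANULARITY = [
    (timedelta(hours=1), timedelta(minutes=1)),
    (timedelta(hours=6), timedelta(minutes=5)),
    (timedelta(hours=24), timedelta(minutes=10)),
    (timedelta(days=7), timedelta(minutes=30)),
    (timedelta(days=15), timedelta(hours=1)),
    (timedelta(days=30), timedelta(hours=6)),
]
SINGLE_CODES = (200, 404, 502, 503, 504)  # codes the chart lists individually

# Constructed sample of (timestamp, status) pairs, not real traffic.
START = datetime(2024, 1, 1)
SAMPLE = [(START + timedelta(minutes=m), s) for m, s in
          [(1, 200), (3, 302), (4, 502), (7, 504), (8, 404), (8, 204)]]


def granularity_for(time_range):
    """Return the chart bucket size for a query range of at most 30 days."""
    for longest, step in GRANULARITY:
        if time_range <= longest:
            return step
    raise ValueError("queries are limited to the last 30 days")


def response_code_trend(records, start, end):
    """Count requests per chart bucket and per status-code series."""
    step = granularity_for(end - start)
    trend = defaultdict(Counter)
    for ts, status in records:
        if not start <= ts < end or not 200 <= status <= 599:
            continue
        bucket = start + ((ts - start) // step) * step
        trend[bucket][f"{status // 100}XX"] += 1
        # Assumption: as the page states for 200 within 2XX, every
        # individually listed code is also counted in its class series.
        if status in SINGLE_CODES:
            trend[bucket][str(status)] += 1
    return dict(trend)


if __name__ == "__main__":
    for bucket, counts in sorted(response_code_trend(
            SAMPLE, START, START + timedelta(hours=6)).items()):
        print(bucket.isoformat(), dict(counts))
```

A 6-hour query over the sample yields two 5-minute buckets; 502 and 504 counts that appear in the console but not in the origin logs are responses that the instance generated itself as the proxy.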