By default, the intelligent protection feature is enabled. This feature uses algorithms
to learn historical traffic patterns of protected services and adjusts traffic scrubbing
policies at Layer 4 to better safeguard the services. After your services are protected
by Anti-DDoS Pro or Anti-DDoS Premium, intelligent protection of the normal level
is enabled by default. If the normal-level protection cannot meet your requirements,
you can set the level to Low or Strict as required.
Background information
Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can
select the Chinese Mainland or Outside Chinese Mainland region to switch between the Anti-DDoS Pro and Anti-DDoS Premium consoles. Then,
you can configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances based on
your business requirements. Make sure that you select the required region when you
use Anti-DDoS Pro or Anti-DDoS Premium.
To protect your services against Layer 4 DDoS attacks, both Anti-DDoS Pro and Anti-DDoS
Premium support the low, normal, and strict levels of intelligent protection. These
levels are provided based on historical traffic patterns of services and technical
experience of Alibaba Cloud security experts. By default, intelligent protection is
enabled, and the protection level is set to Normal. You can change the level as required.
Intelligent protection works based on historical traffic patterns. If you use an Anti-DDoS
Pro or Anti-DDoS Premium instance to protect your services for the first time, it
takes about three days for Anti-DDoS Pro or Anti-DDoS Premium to learn the traffic
patterns and provide optimal protection.
Intelligent protection algorithms automatically add malicious IP addresses to a blacklist
and block all requests from these IP addresses within a specific time period. You
can view, add, and remove IP addresses in the blacklist. You can also add IP addresses
to a whitelist. This ensures that requests from these IP addresses are allowed. For
more information, see Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS
Premium instance.
Procedure
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the General Policies page, click the Protection for Non-website Services tab and select the target instance from the Select Instance drop-down list.
- In the Intelligent protection section, click Modify.

- In the Intelligent protection dialog box, set Level as required and then click OK.

Description of protection levels:
- Low: Intelligent protection automatically scrubs traffic from malicious IP addresses.
It may not block all Layer 4 volumetric attacks but achieves a low false positive
rate.
- Normal: Intelligent protection automatically scrubs traffic from malicious and suspicious
IP addresses. This is the default level. Intelligent protection defends against DDoS
attacks while maintains a low false positive rate at this level. We recommend that
you use this level in common scenarios.
- Strict: Intelligent protection provides the strongest protection against DDoS attacks but
may cause false positives.
After the protection level is changed, the Anti-DDoS Pro or Anti-DDoS Premium instance
protects services based on the configured level.