By default, the intelligent protection feature is enabled. This feature uses algorithms to learn historical traffic patterns of protected services and adjusts traffic scrubbing policies at Layer 4 to better safeguard the services. After your services are protected by Anti-DDoS Pro or Anti-DDoS Premium, intelligent protection of the normal level is enabled by default. If the normal-level protection cannot meet your requirements, you can set the level to Low or Strict as required.
Prerequisites
Background information
To protect your services against Layer 4 DDoS attacks, both Anti-DDoS Pro and Anti-DDoS Premium support the low, normal, and strict levels of intelligent protection. These levels are provided based on historical traffic patterns of services and technical experience of Alibaba Cloud security experts. By default, intelligent protection is enabled, and the protection level is set to Normal. You can change the level as required.
Intelligent protection works based on historical traffic patterns. If you use an Anti-DDoS Pro or Anti-DDoS Premium instance to protect your services for the first time, it takes about three days for Anti-DDoS Pro or Anti-DDoS Premium to learn the traffic patterns and provide optimal protection.
Intelligent protection algorithms automatically add malicious IP addresses to a blacklist and block all requests from these IP addresses within a specific time period. You can view, add, and remove IP addresses in the blacklist. You can also add IP addresses to a whitelist. This ensures that requests from these IP addresses are allowed. For more information, see Configure a blacklist or whitelist for destination IP addresses.