Alibaba Cloud provides you with various DDoS mitigation solutions. You can select an appropriate solution based on your business needs. This topic describes the DDoS mitigation solutions and application scenarios.

The DDoS mitigation solutions include Anti-DDoS Origin Basic, Anti-DDoS Origin Enterprise, Anti-DDoS Pro, Anti-DDoS Premium, and GameShield. Anti-DDoS Origin Basic is provided free of charge. The following table describes these solutions.

Note If you want a customized security solution, contact the pre-sales customer service to consult Alibaba Cloud security architects.
Solution Overview Scenario Protection capability
Anti-DDoS Origin Basic Anti-DDoS Origin Basic can defend against up to 5 Gbit/s of DDoS attacks free of charge for public IP addresses of Alibaba Cloud services. The services include Elastic Compute Service (ECS), Server Load Balancer (SLB), Web Application Firewall (WAF), and Elastic IP Address (EIP). Business that has basic requirements on security. Anti-DDoS Origin Basic is automatically enabled after you purchase an Alibaba Cloud service. We recommend that you use other security solutions for additional protection if your business has higher requirements on security. The maximum protection capability is 5 Gbit/s.

For more information, see Editions.

Anti-DDoS Origin Enterprise Anti-DDoS Origin Enterprise improves the protection capability for Alibaba Cloud services, such as ECS, SLB, WAF, and EIP.

You can apply the protection capability of Anti-DDoS Origin Enterprise to Alibaba Cloud services with a simple configuration.

  • Business that is latency-sensitive, such as live video streaming and live Q&A.
  • Business whose ports, domain names, and IP addresses are frequently attacked.
Anti-DDoS Origin Enterprise supports unlimited protection. For more information, see unlimited protection.
Anti-DDoS Pro and Anti-DDoS Premium Anti-DDoS Pro and Anti-DDoS Premium protect servers on the Internet against volumetric DDoS attacks. These servers may be deployed on Alibaba Cloud or provided by a third party.

After the configuration, your business traffic is forwarded to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. Only normal traffic is forwarded to the origin server. This ensures the stability and reliability of the origin server.

  • Financial, e-commerce, and portal websites.
  • Internet egresses of government networks, portals, and open platforms.
  • Important live streaming and sales promotions.
  • Business that encounters attacks from competitors and ransom-driven attacks.
  • Apps that encounter spam user registration, brushing, and fraudulent traffic.
GameShield GameShield protects against DDoS and HTTP flood attacks in the gaming industry.

Similar to Anti-DDoS Pro or Anti-DDoS Premium, GameShield can defend against Tbit/s-level DDoS attacks. GameShield can also defend against TCP-based HTTP flood attacks that are specific to the gaming industry.

  • Gaming services for which bandwidth resources are exhausted by volumetric DDoS attacks.
  • Gaming services that are frequently attacked by large numbers of bots.
GameShield can defend against Tbit/s-level DDoS attacks.