This topic describes the release notes for Anti-DDoS Pro, Anti-DDoS Premium, and Anti-DDoS Origin and provides links to the relevant references.
2022
Release date | Applicable service | Feature | Description | References |
---|---|---|---|---|
2022-04-27 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | New SSL cipher suites are provided for Anti-DDoS Pro and Anti-DDoS Premium instances that use the Standard function plan. The new SSL cipher suites do not use weak encryption algorithms. This enhances security. | Configure a custom TLS security policy |
2022-04-15 | Anti-DDoS Pro | Provisioning | Anti-DDoS Pro instances allow you to add IPv6 services and forward IPv6 service traffic. The instances also support intelligent protection and custom protection for IPv6 services. | What are Anti-DDoS Pro and Anti-DDoS Premium? |
2022-04-12 | Anti-DDoS Pro | Provisioning | SM Certificates are supported for HTTPS services. This improves security compliance. | Upload an HTTPS certificate |
2022-03-17 | Anti-DDoS Pro | Provisioning | Anti-DDoS Pro instances that support IPv6 are available for purchase. This type of instance can protect both IPv4 and IPv6 services. | Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance |
2021
Release date | Applicable service | Feature | Description | References |
---|---|---|---|---|
2021-12-29 | Anti-DDoS Premium | Assets | An Anti-DDoS Premium instance of the Secure Chinese Mainland Acceleration (Sec-CMA) mitigation plan provides two advanced mitigation sessions free of charge per month. If the two advanced mitigation sessions are exhausted, you can purchase global advanced mitigation sessions to ensure service security. | Purchase global advanced mitigation sessions |
2021-11-12 | Anti-DDoS Pro and Anti-DDoS Premium | Assets | The burstable clean bandwidth feature that is billed based on the 95th percentile bandwidth is supported. Bills are generated based on the actual usage of the burstable clean bandwidth. This helps reduce costs. | Configure the burstable clean bandwidth feature |
2021-10-18 | Anti-DDoS Pro | Investigation | Operation logs within the previous 180 days instead of 30 days can be queried. You can use the logs to track and analyze important operations. | Query operation logs |
2021-09-30 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | Ports in the range from port 80 to port 65535 can be added. This extends protection for services over different ports. | Add a website |
2021-09-30 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | Online Certificate Status Protocol (OCSP) can be enabled when you add a domain name to Anti-DDoS Pro or Anti-DDoS Premium. If you enable OCSP for an HTTPS service that is added to Anti-DDoS Pro or Anti-DDoS Premium, Anti-DDoS Pro or Anti-DDoS Premium runs OCSP queries and caches the query results. When a client initiates a Transport Layer Security (TLS) handshake with the origin server, Anti-DDoS Pro or Anti-DDoS Premium returns the OCSP details and the certificate chain to the client. This prevents the blocking issues that are caused by OCSP queries from the client and makes access to the HTTPS service more efficient. | Add a website |
2021-09-17 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | The details about connection flood attacks can be queried on the Attack Analysis tab. You can query the details about connection flood attacks to obtain the trend of attack traffic and the details about traffic scrubbing. You can also view the rankings of the source IP addresses from which attacks are initiated and the distribution of source regions from which attacks originate. Then, you can optimize mitigation policies and track and analyze the attacks based on the details. | View information on the Attack Analysis page |
2021-08-20 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | Descriptions can be configured for the added forwarding rules. This allows O&M personnel to locate the required services in an efficient manner when they manage protection policies. This makes O&M operations more efficient. | Create forwarding rules |
2021-08-20 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | The origin redundancy feature is supported. The origin redundancy feature allows you to configure primary and secondary origin servers. If an origin server is unavailable, you can switch to the other origin server with a few clicks. This way, the disaster recovery capabilities are improved when Anti-DDoS Pro or Anti-DDoS Premium forwards traffic to origin servers. This also ensures service availability. | Modify the back-to-origin settings for a port |
2021-08-18 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | Attack analysis reports can be exported. You can export the details about a DDoS attack event to your computer in the PNG or PDF format. This way, you can report and store the details about the attack event. | View information on the Attack Analysis page |
2021-07-28 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | The details about web resource exhaustion attacks can be queried on the Attack Analysis tab. You can get an idea of the scrubbing capabilities of Anti-DDoS Pro or Anti-DDoS Premium, accurately evaluate the impacts of attacks on your services, and promptly adjust protection policies based on the details about the web resource exhaustion attacks. | View information on the Attack Analysis page |
2021-07-10 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | Log collection can be enabled or disabled for multiple domain names on the Log Analysis page at a time. | Quick start |
2021-07-07 | Anti-DDoS Pro and Anti-DDoS Premium | Sec-Traffic Manager | Switch to DDoS is supported for the interaction rules of Sec-Traffic Manager. After you create an interaction rule, service traffic is automatically switched to your Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing only when blackhole filtering is triggered. You can also manually switch service traffic to your instance for scrubbing before blackhole filtering is triggered based on the protection requirements of your services. This reduces the adverse impacts caused by blackhole filtering and traffic switchover. | Create a cloud service interaction rule Create a tiered protection rule |
2021-06-01 | Anti-DDoS Pro | Assets | IPv6 addresses are supported for Anti-DDoS Pro instances. You can apply for an IPv6 address for an Anti-DDoS Pro instance. This way, IPv4 traffic and IPv6 traffic can be forwarded to the same origin server that uses IPv4 addresses or to the respective origin servers that use IPv4 and IPv6 addresses. | Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance |
2021-05-24 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | In addition to blackhole filtering events and traffic scrubbing events that are detected in Anti-DDoS Pro or Anti-DDoS Premium, the events of flood attacks at Layer 4 and the events of HTTP flood attacks at Layer 7 can also be monitored by CloudMonitor. This feature provides comprehensive information about the security events that are detected in Anti-DDoS Pro or Anti-DDoS Premium. You can configure alert rules for events that are detected in Anti-DDoS Pro or Anti-DDoS Premium. This way, if an attack event is detected, CloudMonitor can send alert notifications in a timely manner. | Configure alert rules for attack events |
2021-05-15 | Anti-DDoS Pro and Anti-DDoS Premium | Provisioning | The features that are used to add domain names and ports are supported by Terraform. For more information, see Terraform. You can use Terraform to manage configurations in a centralized manner. This makes O&M more efficient. | Terraform documentation |
2021-04-30 | Anti-DDoS Premium | Provisioning | The access configurations of multiple domain names can be modified at a time in Anti-DDoS Premium. Note Anti-DDoS Pro supports this feature before Anti-DDoS Premium does. | Modify website configurations |
2021-04-27 | Anti-DDoS Premium | Investigation | Attack analysis reports can be queried in Anti-DDoS Premium. This way, you can obtain information, such as the attack trend charts, analysis results of attack sources, and geographical distribution of attack sources. Note Anti-DDoS Pro supports this feature before Anti-DDoS Premium does. | View information on the Attack Analysis page |
2021-04-22 | Anti-DDoS Pro and Anti-DDoS Premium | Mitigation Settings | The mitigation settings for UDP reflection attacks can be configured on the Protection for Infrastructure tab. You can configure filtering policies based on the source ports of UDP traffic. You can enable one-click filtering for the source ports of common UDP reflection attacks. You can also customize filtering policies for the source ports of new types of UDP reflection attacks. This allows you to respond to UDP reflection attacks at the earliest opportunity and ensure the availability of UDP services. | Use the feature of UDP Reflection Attacks Protection |
2021-04-15 | Anti-DDoS Pro and Anti-DDoS Premium | Investigation | The entry point to the Cloud monitor alerts page is added to the Investigation module in the left-side navigation pane. On the Cloud monitor alerts page, you can view the types of alerts supported by Anti-DDoS Pro and Anti-DDoS Premium. You can also click the required button to go to the CloudMonitor console and enable alerting for Anti-DDoS Pro and Anti-DDoS Premium. | Use the alert monitoring feature of CloudMonitor |
2021-03-31 | Anti-DDoS Premium | Sec-Traffic Manager | Network acceleration policies are optimized for Anti-DDoS Premium. The waiting time that is required for automatic switchback during network acceleration is reduced from 30 minutes to 10 minutes. | Create a network acceleration rule |
2021-03-26 | Anti-DDoS Pro and Anti-DDoS Premium | Website Config | Custom combinations of cipher suites are supported in Transport Layer Security (TLS) policies. After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify the cipher suite based on your business requirements. | Configure a custom TLS security policy |
2021-03-26 | Anti-DDoS Pro and Anti-DDoS Premium | Website Config | Multiple domain names are supported to forward back-to-origin requests. When you add a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify more than one domain name that is mapped to your origin servers to forward back-to-origin requests. If you specify more than one IP address or domain name, Anti-DDoS Pro and Anti-DDoS Premium use IP hash load balancing to forward website traffic to the origin servers. You can specify multiple domain names to forward back-to-origin requests in distributed business scenarios. This way, you can use Anti-DDoS Pro or Anti-DDoS Premium together with your network, and the workload on a single origin server is reduced. This improves service stability and disaster recovery. | Add a website |
2021-03-26 | Anti-DDoS Pro and Anti-DDoS Premium | Website Config | Remarks can be specified for a website. After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify remarks for the website. If you add multiple websites to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can identify services based on the remarks. This makes O&M more efficient. | Add a website |
2021-03-26 | Anti-DDoS Pro and Anti-DDoS Premium | Website Config | Custom header fields and field values are supported to label requests. When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify a custom header field and the value of the field for the domain name. When the instance processes the requests of this domain name, the instance adds the custom header field to these requests. This allows you to collect statistics on and analyze the back-to-origin data. For example, you can accurately count the actual source ports of the requests. | Mark back-to-origin requests |
2021-03-26 | Anti-DDoS Pro and Anti-DDoS Premium | Static Page Caching | Manual cache refreshing is supported for static page caching. If you create custom rules for static page caching and the source content of the cached page changes, you can forcibly refresh the page cache in Anti-DDoS Pro or Anti-DDoS Premium to synchronize the latest content in time. | Anti-DDoS Lab |
2020
Release date | Applicable service | Feature | Description | References |
---|---|---|---|---|
2020-12-15 | Anti-DDoS Pro and Anti-DDoS Premium | Website Config | The configurations of Enable HTTPS Routing and Enable HTTP are provided. When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can configure the Enable HTTPS Routing or Enable HTTP setting for the website. If you turn on Enable HTTPS Routing, all HTTP requests from clients to the instance are redirected to HTTPS requests, which enhances service security. If you turn on Enable HTTP, HTTPS requests to the instance are redirected to HTTP requests and then the HTTP requests are forwarded to the origin servers. This reduces the workload required to process HTTPS requests on the origin servers. These features allow the instance to authenticate inbound requests and help reduce the workload on downstream links and hosts. | Add a website |
2020-11-05 | Anti-DDoS Pro and Anti-DDoS Premium | Alert Rules | Multiple domain name metrics, such as queries per second (QPS) and abnormal status codes, are supported by alert rules. You can use these metrics to monitor the websites that are protected by your Anti-DDoS Pro or Anti-DDoS Premium instance and identify exceptions at the earliest opportunity. | Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium |
2020-10-27 | Anti-DDoS Pro and Anti-DDoS Premium | Mitigation Settings > Custom Policies | Custom policies are supported. You can customize policies based on the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance and apply these custom policies to the instance. | Create custom mitigation policies for specific scenarios |
2020-09-24 | Anti-DDoS Pro | Attack Analysis | Attack Analysis is supported only for Anti-DDoS Pro. The entry point to the Attack Analysis page is added to the left-side navigation pane of the Anti-DDoS Pro console. The Attack Analysis page displays the details about attack events to provide a clear view of the process and details about protection against DDoS attacks. The details include an attack trend chart, attack source analysis, and protection flowchart. | View information on the Attack Analysis page |
2020-09-08 | Anti-DDoS Premium | Security Overview | Traffic information about Sec-CMA is provided on the Security Overview page. On the Security Overview page, you can query the inbound, outbound, and attack traffic of Sec-CMA. This way, you can understand the traffic, attack mitigation effects, and the deduction of protection quotas for Sec-CMA. | Security Overview |
2020-07-09 | Anti-DDoS Pro and Anti-DDoS Premium | Mitigation Settings | Major changes:
| Configure the IP address blacklist and whitelist for an Anti-DDoS Pro or Anti-DDoS Premium instance |
2020-06-22 | Anti-DDoS Premium | Sec-Traffic Manager > Sec-MCA | The Sec-CMA feature in Anti-DDoS Premium provides protection at both Layer 4 and Layer 7. This feature accelerates network access for your services outside the Chinese Mainland and protects your assets against DDoS attacks. | Configure Anti-DDoS Premium Sec-CMA |
2020-05-19 | Anti-DDoS Pro and Anti-DDoS Premium | Sec-Traffic Manager > CDN/DCDN Interaction | Anti-DDoS Pro and Anti-DDoS Premium can work with Dynamic Route for CDN (DCDN) to scrub malicious traffic and accelerate content delivery:
| Create a CDN or DCDN interaction rule |
2020-04-30 | Anti-DDoS Pro and Anti-DDoS Premium | Sec-Traffic Manager > CDN Interaction | If attacks are detected, CDN-accelerated domain names that integrate with Anti-DDoS Pro or Anti-DDoS Premium are added to a sandbox. The traffic of the domain names is redirected to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. This ensures service availability. | Overview |
2020-04-22 | Anti-DDoS Pro and Anti-DDoS Premium | Sec-Traffic Manager > General | You can set the waiting time that is required for traffic switchback in general scheduling rules. Before the waiting time elapses, you can also manually switch traffic from Anti-DDoS Pro or Anti-DDoS Premium back to cloud resources. | Overview |
2020-04-01 | Anti-DDoS Pro and Anti-DDoS Premium | New API operations | New API operations are provided for you to manage and integrate Anti-DDoS Pro and Anti-DDoS Premium instances. | List of operations by function |
2020-03-03 | Anti-DDoS Premium | Anti-DDoS Premium interacting with CloudMonitor | Anti-DDoS Premium allows you to view basic O&M data in CloudMonitor. You can customize alert rules for Anti-DDoS Premium in the CloudMonitor console based on your business requirements. | Configure an alert rule for Anti-DDoS Pro or Anti-DDoS Premium |
2020-02-18 | Anti-DDoS Pro and Anti-DDoS Premium | Integrated console and region selection | The consoles of Anti-DDoS Pro and Anti-DDoS Premium are integrated.
| Differences between the features of Anti-DDoS Pro and Anti-DDoS Premium |
2019
Release date | Applicable service | Feature | Description | References |
---|---|---|---|---|
2019-12-18 | Anti-DDoS Origin | Console | A new version of the console is available.
| View the Assets page |
2019-12-18 | Anti-DDoS Origin | Assets | The Assets page. The Assets page displays the protection status of activated assets within your Alibaba Cloud account. The page provides a quick overview of security risks for your assets from DDoS attacks. On the page, you can also increase the protection capacity for a specific asset. Supported assets include Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs). | page is changed to the View the Assets page |