Anti-DDoS:Release notes

If you enable OCSP for an HTTPS service that is added to Anti-DDoS Pro or Anti-DDoS Premium, Anti-DDoS Pro or Anti-DDoS Premium runs OCSP queries and caches the query results. When a client initiates a Transport Layer Security (TLS) handshake with the origin server, Anti-DDoS Pro or Anti-DDoS Premium returns the OCSP details and the certificate chain to the client. This prevents the blocking issues that are caused by OCSP queries from the client and makes access to the HTTPS service more efficient.

You can query the details about connection flood attacks to obtain the trend of attack traffic and the details about traffic scrubbing. You can also view the rankings of the source IP addresses from which attacks are initiated and the distribution of source regions from which attacks originate. Then, you can optimize mitigation policies and track and analyze the attacks based on the details.

The origin redundancy feature allows you to configure primary and secondary origin servers. If an origin server is unavailable, you can switch to the other origin server with a few clicks. This way, the disaster recovery capabilities are improved when Anti-DDoS Pro or Anti-DDoS Premium forwards traffic to origin servers. This also ensures service availability.

You can export the details about a DDoS attack event to your computer in the PNG or PDF format. This way, you can report and store the details about the attack event.

You can get an idea of the scrubbing capabilities of Anti-DDoS Pro or Anti-DDoS Premium, accurately evaluate the impacts of attacks on your services, and promptly adjust protection policies based on the details about the web resource exhaustion attacks.

After you create an interaction rule, service traffic is automatically switched to your Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing only when blackhole filtering is triggered. You can also manually switch service traffic to your instance for scrubbing before blackhole filtering is triggered based on the protection requirements of your services. This reduces the adverse impacts caused by blackhole filtering and traffic switchover.

Create a tiered protection rule

Create a CDN or DCDN interaction rule

Create a network acceleration rule

You can apply for an IPv6 address for an Anti-DDoS Pro instance. This way, IPv4 traffic and IPv6 traffic can be forwarded to the same origin server that uses IPv4 addresses or to the respective origin servers that use IPv4 and IPv6 addresses.

You can configure alert rules for events that are detected in Anti-DDoS Pro or Anti-DDoS Premium. This way, if an attack event is detected, CloudMonitor can send alert notifications in a timely manner.

You can configure filtering policies based on the source ports of UDP traffic. You can enable one-click filtering for the source ports of common UDP reflection attacks. You can also customize filtering policies for the source ports of new types of UDP reflection attacks. This allows you to respond to UDP reflection attacks at the earliest opportunity and ensure the availability of UDP services.

On the Cloud monitor alerts page, you can view the types of alerts supported by Anti-DDoS Pro and Anti-DDoS Premium. You can also click the required button to go to the CloudMonitor console and enable alerting for Anti-DDoS Pro and Anti-DDoS Premium.

The waiting time that is required for automatic switchback during network acceleration is reduced from 30 minutes to 10 minutes.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify the cipher suite based on your business requirements.

When you add a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify more than one domain name that is mapped to your origin servers to forward back-to-origin requests. If you specify more than one IP address or domain name, Anti-DDoS Pro and Anti-DDoS Premium use IP hash load balancing to forward website traffic to the origin servers.

You can specify multiple domain names to forward back-to-origin requests in distributed business scenarios. This way, you can use Anti-DDoS Pro or Anti-DDoS Premium together with your network, and the workload on a single origin server is reduced. This improves service stability and disaster recovery.

After you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify remarks for the website. If you add multiple websites to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can identify services based on the remarks. This makes O&M more efficient.

When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can specify a custom header field and the value of the field for the domain name. When the instance processes the requests of this domain name, the instance adds the custom header field to these requests. This allows you to collect statistics on and analyze the back-to-origin data. For example, you can accurately count the actual source ports of the requests.

If you create custom rules for static page caching and the source content of the cached page changes, you can forcibly refresh the page cache in Anti-DDoS Pro or Anti-DDoS Premium to synchronize the latest content in time.

When you add the domain name of a website to your Anti-DDoS Pro or Anti-DDoS Premium instance, you can configure the Enable HTTPS Routing or Enable HTTP setting for the website. If you turn on Enable HTTPS Routing, all HTTP requests from clients to the instance are redirected to HTTPS requests, which enhances service security. If you turn on Enable HTTP, HTTPS requests to the instance are redirected to HTTP requests and then the HTTP requests are forwarded to the origin servers. This reduces the workload required to process HTTPS requests on the origin servers. These features allow the instance to authenticate inbound requests and help reduce the workload on downstream links and hosts.

The entry point to the Attack Analysis page is added to the left-side navigation pane of the Anti-DDoS Pro console. The Attack Analysis page displays the details about attack events to provide a clear view of the process and details about protection against DDoS attacks. The details include an attack trend chart, attack source analysis, and protection flowchart.

On the Security Overview page, you can query the inbound, outbound, and attack traffic of Sec-CMA. This way, you can understand the traffic, attack mitigation effects, and the deduction of protection quotas for Sec-CMA.

• The Blocking Time option is provided for you to set the duration for IP addresses to be retained in a blacklist when you configure a Blacklist and Whitelist (Instance IP) policy for your Anti-DDoS Pro instance.
• In the Anti-DDoS Premium console, the Blacklist and Whitelist (Instance IP) settings are provided on the Protection for Infrastructure tab, and the Intelligent protection settings are provided on the Protection for Non-website Services tab.

Configure intelligent protection

Sec-MCA

CDN/DCDN Interaction

• If no attacks are detected, DCDN accelerates traffic of your workloads.
• If attacks are detected, traffic of your workloads is automatically redirected to Anti-DDoS Pro or Anti-DDoS Premium for scrubbing. This ensures service availability.
• After the attacks stop, traffic of your workloads is automatically redirected to DCDN.

CDN Interaction

General

Configure alert rules for attack events

• In the console, you can select Chinese Mainland for Anti-DDoS Pro or Outside Chinese Mainland for Anti-DDoS Premium.
• You can access Anti-DDoS Pro and Anti-DDoS Premium in the same console. The Anti-DDoS Premium console is updated to provide a graphical user interface that is similar to that of the Anti-DDoS Pro console.

• In the left-side navigation pane, Anti-DDoS Basic is changed to Anti-DDoS Services.
• In the left-side navigation pane, the Basic Protection > Instances page is changed to the Assets page. On the Assets page, the content of DDoS Attack Protection Information is updated.
• In the left-side navigation pane, the Protection Package > Security Report, Protection Package > Protection Packages, Protection Package > Traffic Packages, and Protection Package > Operation Logs pages are changed to the Anti-DDoS Origin > Manage Instances page.
• In the left-side navigation pane, the following entry points are added:
  • Anti-DDoS Services > Anti-DDoS Pro: directs you to the Anti-DDoS Pro console.
  • Anti-DDoS Services > Anti-DDoS Premium: directs you to the Anti-DDoS Premium console.
  • Industry-specific > Game Shield: directs you to the GameShield console.
  • How to Choose: directs you to a topic named Select an Anti-DDoS service based on the protection scenario.

The Assets page displays the protection status of activated assets within your Alibaba Cloud account. The page provides a quick overview of security risks for your assets from DDoS attacks. On the page, you can also increase the protection capacity for a specific asset. Supported assets include Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and elastic IP addresses (EIPs).