Anti-DDoS: Configure the UDP reflection attack mitigation feature

Last Updated: Mar 21, 2024

If you create a UDP port forwarding rule in the Anti-DDoS Pro or Anti-DDoS Premium console, we recommend that you configure the UDP reflection attack mitigation feature. Then, Anti-DDoS Pro or Anti-DDoS Premium discards the UDP traffic over specific ports based on the policies that you specify. This topic describes how to configure the UDP reflection attack mitigation feature.

Feature description

By default, if you do not create a UDP port forwarding rule on the Port Config page or you create only a TCP port forwarding rule, Anti-DDoS Pro or Anti-DDoS Premium discards all UDP traffic. In this case, you do not need to configure the feature. You need to configure the feature only after you create a UDP port forwarding rule.

The feature discards the UDP traffic over specific ports based on the policies that you specify for the Anti-DDoS Pro or Anti-DDoS Premium instance. If you configure UDP port forwarding rules for multiple UDP services, the filtering policies take effect on all UDP services.

Limits

The feature is available only for an Anti-DDoS Proxy instance that uses the Enhanced function plan. If you use an Anti-DDoS Proxy instance that uses the Standard function plan, you must upgrade your instance before you can use the feature. For more information, see Upgrade an instance.

Validity period

After you configure a policy, the policy never expires.

Prerequisites

Procedure

  1. Log on to the Anti-DDoS Proxy console.

  2. In the top navigation bar, select the region of your instance.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.

  3. In the left-side navigation pane, choose Mitigation Settings > General Policies.

  4. On the Protection for Infrastructure tab, select the instance that you want to manage from the list on the left side.

    You can search for an instance by instance ID or description.

  5. In the UDP Reflection Attack Mitigation section, click Settings.

  6. In the Configure Filtering Policies for UDP Reflection Attacks panel, configure filtering policies to specify ports over which UDP reflection attacks may be launched and click OK.

    • One-click Filtering Policies (recommended): The list displays common types of UDP reflection attacks and ports over which attacks are launched. We recommend that you select all policies in the list to mitigate UDP reflection attacks that are launched over the ports.

    • Custom Filtering Policy: Enter the ports over which you want Anti-DDoS Proxy to discard the UDP traffic. The ports that you enter must be within the range from 0 to 65535. You can enter up to 20 ports. Separate multiple ports with commas (,).

      You can use this method to configure filtering policies only for ports that are not in the One-click Filtering Policies list.
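
The following pre-flight check for a Custom Filtering Policy value is an added example, not part of the original documentation or the product: it enforces the 0 to 65535 range and the 20-port limit, sets aside ports that belong in One-click Filtering Policies, and refuses ports that your own UDP services depend on, because policies take effect on all UDP services. The function name, the `one_click_ports` and `service_ports` parameters, and the sample values are assumptions; read the actual one-click port list from the console.

```python
# Added example: validate a Custom Filtering Policy port list before pasting
# it into the console. Names and sample values are illustrative assumptions.
MAX_PORTS = 20                 # "You can enter up to 20 ports"
PORT_MIN, PORT_MAX = 0, 65535  # allowed port range stated on this page


def build_custom_policy(raw, one_click_ports=(), service_ports=()):
    """Return (console_string, skipped) for a comma-separated port list.

    one_click_ports: ports already covered by One-click Filtering Policies,
                     as read from the console (supplied by the caller).
    service_ports:   ports your legitimate UDP traffic depends on.
    """
    ports, skipped = [], []
    for token in raw.split(","):
        token = token.strip()
        if not token:
            continue  # tolerate stray or trailing commas
        if not (token.isascii() and token.isdigit()):
            raise ValueError(f"not a port number: {token!r}")
        port = int(token)
        if not PORT_MIN <= port <= PORT_MAX:
            raise ValueError(f"port out of range 0-65535: {port}")
        if port in service_ports:
            # Policies apply to every UDP service on the instance, so this
            # entry would discard traffic the operator declared legitimate.
            raise ValueError(f"port {port} is used by a legitimate UDP service")
        if port in one_click_ports:
            skipped.append(port)   # select the one-click policy instead
        elif port not in ports:
            ports.append(port)     # de-duplicate, keep input order
    if len(ports) > MAX_PORTS:
        raise ValueError(f"{len(ports)} ports exceed the limit of {MAX_PORTS}")
    return ",".join(str(p) for p in ports), skipped


if __name__ == "__main__":
    # Constructed sample input; the one-click and service sets are made up.
    policy, skipped = build_custom_policy(
        "19, 111,123,111, 17", one_click_ports={123}, service_ports={5060})
    print("Custom Filtering Policy value:", policy)
    print("Already in one-click list:", skipped)
```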