If the response time of your website is increased due to HTTP flood attacks, you can enable the rate limiting feature and use default or custom rules to block requests that are sent to your website. This feature blocks requests within seconds and improves website security.

Step 1: Apply for the rate limiting feature

You must apply for the rate limiting feature before you can use this feature. To apply for this feature, you need to join one of the following DingTalk groups:
  • Group 1: 23184221 (Full)
  • Group 2: 33298914 (Full)
  • Group 3: 33137775

Step 2: Enable the rate limiting feature

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Configure page, find the domain name that you want to manage and click Domain Names in the Actions column.
  4. In the left-side navigation pane, click Security Settings.
  5. Click the Rate Limiting tab.
  6. Turn on Rate Limiting.
  7. Click Modify.
  8. In the Rate Limiting dialog box, turn on Parameter Check and set Limiting Mode based on your requirements.
    Parameter Check: After you enable parameter check, URIs retain all parameters and are matched against rate limiting rules. Parameter Check checks only URIs. Custom matching rules that are set for the custom rate limiting mode do not apply to this feature.
    Note: Parameter Check takes effect only when Limiting Mode is set to Custom.
    Limiting Mode: You can select one of the following limiting modes:
    • Normal

      The default rate limiting mode. If the network traffic of your website is relatively stable, select this mode to minimize false positives.

    • Emergency

      If the response time of your website is slow, and you frequently run into issues with network traffic, CPU usage, and memory usage, select this mode.

    • Custom

      If you want to customize rate limiting rules based on your business requirements, select this mode. This mode detects requests that access your website more frequently than expected, and mitigates HTTP flood attacks on edge nodes. For more information about how to create a custom rate limiting rule, see Step 9.

  9. Optional: Create a custom rate limiting rule.
    Note
    • If you select Custom for Limiting Mode, you must create a custom rate limiting rule. If you select another option for Limiting Mode, you do not need to create a custom rate limiting rule.
    • You can create a maximum of five custom rate limiting rules.
    1. Click Add Rule on the right side of Custom Rules.
    2. Follow the on-screen instructions to create a custom rate limiting rule. The following table describes the parameters.
      Name:
      • The name must be 4 to 30 characters in length, and can contain letters and digits.
      • The names of rules that are configured for the same domain name must be unique.
      URI: The URI that you want to protect, for example, /register. If parameters are included in the URI, for example, /user?action=login, you must turn on Parameter Check if you want to apply the rule to the entire URI.
      Match Mode: You can select one of the following match modes. The rate limiting rule applies the match modes in the following order: exact match, prefix match, and fuzzy match. You can adjust the priorities of the match modes in a rate limiting rule. The match modes are listed and executed based on their priorities.
      • Prefix Match

        In this mode, requests are counted if the request URI starts with the specified URI. For example, if the URI is set to /register, all requests that are sent to /register.html are counted.

      • Exact Match

        In this mode, requests are counted only if the request URI exactly matches the specified URI.

      • Regex Match

        In this mode, regular expressions are used to match directories.

      Monitored Object: You can select one of the following objects that you want to monitor:
      • Client IP Address
      • Request Header
      • URL Parameter
      Interval: Set a time period during which request statistics are collected. This parameter takes effect only if you specify a monitored object. The interval must be greater than or equal to 10 seconds.
      Match Against: Click Add Rule and set the following parameters: Type, Parameter, Relational Operator, and Value.
      Note: The number of requests that match the specified matching rule is counted on each edge node. The triggering of the rate limiting rule requires some time. You can send more requests to the edge nodes to trigger the rule.
      Action: The action to be performed after the specified condition is triggered. You can select Block or CAPTCHA.
      • Block

        If this action is triggered, an HTTP 403 status code is returned to all requests.

      • CAPTCHA

        If this action is triggered, an HTTP 200 status code is returned to the request and the request is redirected for verification. The request is allowed to access the requested resources only if it passes the verification.

        For example, if an IP address initiates requests more than five times within 20 seconds, bot detection is triggered. All requests from the IP address within the following 10 minutes are verified. Requests from this IP address are allowed to access resources only if the requests pass the verification.

      TTL: The time period that IP addresses remain blocked. The value of TTL must be greater than or equal to 60 seconds.
    3. Click Confirm.

Examples

The following table provides examples of how to create a custom rate limiting rule.
Note: Specify a value for N based on your business requirements.

Scenario                         Monitored object  Interval    Matching against                     Action   TTL
4xx or 5xx errors                IP                10 seconds  "status_ratio|404">60%&&"count">50   Block    10 minutes
Queries per second (QPS) errors  Domain name       10 seconds  "count">N                            CAPTCHA  10 minutes
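
Before deploying thresholds such as those in the first example row, you can replay an access log against them offline to see which clients would be blocked. The following Python sketch is an added example, not DCDN code: it models the rule on a single node with fixed 10-second windows per client IP, supports only the exact and prefix match modes, and uses a constructed log and hypothetical field names.

```python
from collections import defaultdict

# Local model of the first example rule; field names are assumptions for this sketch.
RULE = {"uri": "/register", "mode": "prefix", "parameter_check": False,
        "interval": 10, "min_count": 50, "ratio_404": 0.60, "ttl": 600}

def uri_matches(request_uri, rule_uri, mode, parameter_check=False):
    """Exact and prefix match; the query string is dropped unless Parameter Check is on."""
    uri = request_uri if parameter_check else request_uri.split("?", 1)[0]
    if mode == "exact":
        return uri == rule_uri
    if mode == "prefix":
        return uri.startswith(rule_uri)
    raise ValueError(f"unsupported match mode: {mode}")

def replay(records, rule):
    """records: (epoch_seconds, client_ip, uri, status), sorted by time.
    Returns {client_ip: [(block_start, block_end), ...]}."""
    windows = {}                 # ip -> [window_start, request_count, count_404]
    blocked_until = {}
    blocks = defaultdict(list)
    for ts, ip, uri, status in records:
        if blocked_until.get(ip, 0) > ts:
            continue             # still inside the TTL: would be answered with 403
        if not uri_matches(uri, rule["uri"], rule["mode"], rule["parameter_check"]):
            continue
        w = windows.get(ip)
        if w is None or ts - w[0] >= rule["interval"]:
            w = windows[ip] = [ts, 0, 0]      # start a new fixed window
        w[1] += 1
        w[2] += status == 404
        if w[1] > rule["min_count"] and w[2] / w[1] > rule["ratio_404"]:
            blocked_until[ip] = ts + rule["ttl"]
            blocks[ip].append((ts, ts + rule["ttl"]))
            del windows[ip]
    return dict(blocks)

def sample_records():
    """Constructed log: ten requests per second from two clients, one per second from a third."""
    recs = []
    for i in range(60):
        recs.append((1000 + i // 10, "203.0.113.7", f"/register/{i}", 404))   # all 404
        recs.append((1000 + i // 10, "198.51.100.20", "/register", 200))      # all 200
    for i in range(10):
        recs.append((1000 + i, "192.0.2.33", "/register.html", 404))          # only 10 hits
    return sorted(recs)

if __name__ == "__main__":
    print(replay(sample_records(), RULE))
```

Only the client that exceeds both thresholds is blocked: the busy client with no 404 responses and the client with ten 404 responses stay below one of the two conditions. Because the real counters are kept per edge node, treat the result as a rough estimate of when the rule fires.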