Edge Security Acceleration: Prevent HTTP flood attacks

Last Updated: May 16, 2023

When traffic spikes occur on your website, access to the origin server may become abnormal or user access may slow down. This topic describes how to configure policy parameters to block malicious requests that can result in HTTP flood attacks.

Procedure

For more information, see Configure custom protection policies.

Scenarios

The following examples show you how to configure HTTP flood protection policies after you select Custom Protection Policy.

Example rule 1


| Parameter | Example | Description |
| --- | --- | --- |
| Rule Name | | The name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
| Match Condition | Select URI for Match Field. Select Contains for Logical Operator. Enter / in the Match Content field. | If the requested URI contains /, the request matches the rule. |
| Rate Limiting | Turn on Rate Limiting. | If a client IP address matches the match condition more than 3,000 times in 5 seconds, the IP address is added to the blacklist. |
| Statistical Object | Select IP. | |
| Statistical Interval (s) | Enter 5. | |
| Rate Threshold | Enter 3000. | |
| Status Code | This switch is turned off by default. | |
| Apply To | Select Current Domain Name. | JavaScript validation is performed for 300 seconds on all requests initiated by a statistical object that meets the rate limiting condition. For more information, see Configure custom protection policies. |
| Blacklist Timeout Period (s) | Enter 300. | |
| Action | Select JavaScript Validation. | |

Example rule 2


| Parameter | Example | Description |
| --- | --- | --- |
| Rule Name | | The name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
| Match Condition | Select URI for Match Field. Select Contains for Logical Operator. Enter / in the Match Content field. | If the requested URI contains /, the request matches the rule. |
| Rate Limiting | Turn on Rate Limiting. | If a client IP address matches the match condition more than 3,000 times in 5 seconds, and the percentage of HTTP 502 status codes exceeds 80%, the IP address is added to the blacklist. |
| Statistical Object | Select IP. | |
| Statistical Interval (s) | Enter 5. | |
| Rate Threshold | Enter 900. | |
| Status Code | Turn on Status Code. Enter 502, select By Percentage, and then enter 80. | |
| Apply To | Select Current Domain Name. | JavaScript validation is performed for 300 seconds on all requests initiated by a statistical object that meets the rate limiting condition. For more information, see Configure custom protection policies. |
| Blacklist Timeout Period (s) | Enter 300. | |
| Action | Select JavaScript Validation. | |

Example rule 3


| Parameter | Example | Description |
| --- | --- | --- |
| Rule Name | | The name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). |
| Match Condition | Select URI for Match Field. Select Contains for Logical Operator. Enter / in the Match Content field. | If the requested URI contains /, the request matches the rule. |
| Rate Limiting | Turn on Rate Limiting. | If a client IP address matches the match condition more than 900 times in 5 seconds, and the percentage of HTTP 404 status codes exceeds 80%, the IP address is added to the blacklist. |
| Statistical Object | Select IP. | |
| Statistical Interval (s) | Enter 5. | |
| Rate Threshold | Enter 900. | |
| Status Code | Turn on Status Code. Enter 404, select By Percentage, and then enter 80. | |
| Apply To | Select Current Domain Name. | JavaScript validation is performed for 300 seconds on all requests initiated by a statistical object that meets the rate limiting condition. For more information, see Configure custom protection policies. |
| Blacklist Timeout Period (s) | Enter 300. | |
| Action | Select JavaScript Validation. | |
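
To check thresholds like those in the three example rules against your own access logs before enabling a rule, the following Python model replays requests through the rule semantics described above. It is an added example, not Edge Security Acceleration code: the names `Rule`, `evaluate` and `sample_events` are hypothetical, the sample traffic is constructed, and the sliding interval and the skipping of already blacklisted clients are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                            # field names are this example's own
    match_content: str = "/"           # Match Content (URI, Contains)
    interval_s: float = 5              # Statistical Interval (s)
    rate_threshold: int = 3000         # Rate Threshold
    status_code: Optional[int] = None  # None = Status Code switch off
    status_pct: float = 0              # By Percentage value
    blacklist_timeout_s: float = 300   # Blacklist Timeout Period (s)

def evaluate(rule, events):
    """events: (ts_seconds, client_ip, uri, status) tuples sorted by ts.
    Returns [(ip, blacklisted_at, expires_at)] in the order the rule fired."""
    windows = defaultdict(deque)       # ip -> (ts, status) pairs inside the interval
    blocked_until, hits = {}, []
    for ts, ip, uri, status in events:
        if rule.match_content not in uri:
            continue
        if blocked_until.get(ip, float("-inf")) > ts:
            continue                   # assumption: blacklisted clients are not re-counted
        win = windows[ip]
        win.append((ts, status))
        while win[0][0] <= ts - rule.interval_s:
            win.popleft()              # assumption: sliding (not fixed) interval
        if len(win) <= rule.rate_threshold:
            continue                   # "more than N times": strictly greater
        if rule.status_code is not None:
            share = 100.0 * sum(s == rule.status_code for _, s in win) / len(win)
            if share <= rule.status_pct:
                continue               # percentage must exceed the configured value
        blocked_until[ip] = ts + rule.blacklist_timeout_s
        hits.append((ip, ts, blocked_until[ip]))
        win.clear()
    return hits

def sample_events():
    """Constructed traffic: a 404-heavy client, a busy client, a quiet one."""
    ev = []
    for i in range(1000):              # 1000 requests in 2 s from each busy client
        ev.append((i / 500, "203.0.113.10", f"/p{i}", 200 if i % 10 == 0 else 404))
        ev.append((i / 500, "198.51.100.7", "/index.html", 200))
    ev += [(i / 50, "192.0.2.5", "/missing", 404) for i in range(100)]
    return sorted(ev)

if __name__ == "__main__":             # values from example rule 3
    print(evaluate(Rule(rate_threshold=900, status_code=404, status_pct=80), sample_events()))
```

With the values from example rule 3, only the 404-heavy client is blacklisted; the equally busy client that receives 200 responses is caught only when the Status Code switch is off.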