ESA protects your applications with multiple layers of defense. Through real-time traffic monitoring, it identifies attack like SYN floods, ACK floods, and CC attacks. When it finds suspicious traffic, ESA absorbs and filters malicious requests, ensuring that only legitimate traffic reaches your origin server.
DDoS mitigation strategies
During a DDoS attack, an attacker floods a web server with a high volume of forged access requests. This can exhaust server resources and prevent the server from responding to legitimate user requests. To mitigate this type of attack, block and manage the requests before they reach the server.
DDoS protection, WAF rules, and cache policies are the three layers of protection ESA uses to ensure your application remains available and performant, even during an attack.
Layer 1: Built-in DDoS protection
ESA has built-in DDoS mitigation capabilities. It provides two tiers of protection levels based on subscription plans: DDoS Basic Protection and Best-effort Protection. This protection operates at the network and transport layers (L3/L4) to stop attacks like SYN floods and UDP floods.
Basic Protection
DDoS Basic Protection is enabled by default on Entrance, Pro, and Premium plans. It requires no configuration and serves as a foundational defense. This protects against DDoS attacks of up to 10 Gbps. When an attack occurs, ESA provides protection at the edge points of presence (POPs). If the attack continues to expand, acceleration quality may be affected. DDoS Basic Protection does not guarantee a specific mitigation time.
If your website is at high risk of DDoS attacks or requires more stable protection, contact us to upgrade to the Enterprise plan.
Best-effort Protection
For Enterprise plan subscribers, ESA enables the HTTP DDoS Attack Protection and Deep Learning and Protection features by default. The HTTP DDoS Attack Protection feature takes effect in real time. It has built-in general mitigation rules based on extensive attack and defense data. This feature can block sudden and large-scale HTTP floods. The Deep Learning and Protection feature learns from attack patterns and intelligently generates dynamic mitigation policies to further enhance protection.
In addition, Enterprise plan subscribers can purchase an Anti-DDoS instance to provide up to Tbps-level protection for their websites.
Configure Best-effort Protection
You can you can fine-tune HTTP DDoS Attack Protection and Deep Learning and Protection settings during an attack.
In the ESA console, select Websites. In the Website column, click the target site.
In the navigation pane on the left, choose .
On the Protection Settings tab, click Configure in the HTTP DDoS Attack Protection or Deep Learning and Protection section.
Set the protection level and mode based on your website's needs and current traffic patterns, and then click OK.
Layer 2: Customizable WAF rules
Web Application Firewall (WAF) acts an intelligent filtering engine that inspects application-layer (L7) traffic. This allows you to block more sophisticated attacks that mimic legitimate user behavior.
ESA provides the WAF at all its POPs worldwide. It uses various mitigation policies, such as smart rate limiting and security analytics to scrub and filter traffic, then return clean traffic to the server.
Layer 3: Origin offloading with cache policies
ESA's cache policy caches website content on POPs. This significantly reduce the number of requests that need to hit your origin server. During a DDoS attack, the majority of the malicious traffic can be served directly from the edge cache, absorbing the attack's impact and ensuring your server's resources are reserved for handling legitimate, dynamic requests.
Feature availability
Entrance | Pro | Premium | Enterprise | |
Protection level | Basic Protection | Basic Protection | Basic Protection | Best-effort Protection |