Object Storage Service (OSS) DDoS protection is a proxy-based attack mitigation service that integrates OSS with Anti-DDoS Pro and Anti-DDoS Premium. When a bucket for which OSS DDoS protection is enabled suffers DDoS attacks, OSS DDoS protection diverts malicious traffic to an Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing and then redirects legitimate traffic to the bucket. This way, your business can power through DDoS attacks and continue to function as expected.

Prerequisites

You can configure OSS DDoS protection only in the following regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Shenzhen), and China (Hong Kong).

Background information

  • An OSS DDoS protection instance must be retained for at least seven days after the instance is created. If the instance is deleted within seven days (168 hours), you are charged basic resource fees for the minimum usage duration of seven days, including the remaining duration: 7 (days) × 24 (hours) - Actual usage duration. For more information about the billing, see OSS DDoS protection fees.
  • You can create only one OSS DDoS protection instance in a region. Each instance can be attached to up to 10 buckets in the same region.

For more information, see OSS DDoS protection.

Procedure

  1. Create an OSS DDoS protection instance.
    1. Log on to the OSS console.
    2. In the left-side navigation pane, click Anti-DDoS Pro.
    3. On the Anti-DDoS Pro page, click Create Anti-DDoS Instance. Then, select a region in the Create Anti-DDoS Instance dialog box that appears.
      The first time you use OSS DDoS protection, you must click Confirm on the Anti-DDoS Pro page. Then, select a region in the Create Anti-DDoS Instance dialog box that appears.
    4. Click OK.
  2. Attach the OSS DDoS protection instance to a bucket.
    1. Click View and Attach Buckets next to the instance that you want to attach.
    2. In the View and Attach Buckets panel, click Attach Buckets.
    3. In the Attach Buckets dialog box, select a bucket you want to attach from the Bucket drop-down list.
      Buckets to which OSS DDoS protection instances are attached are not displayed in the Bucket drop-down list.
    4. Click OK.
      After the instance is attached to the bucket, the bucket is in the Initializing state. When the status becomes Defending, the OSS DDoS protection instance has started to protect the bucket.
  3. If you want to protect the custom domain name that is mapped to the bucket, add the custom domain name to the protection list of the Anti-DDoS instance.
    Notice By default, OSS does not protect custom domain names mapped to the bucket. Therefore, when the bucket is under attack, the bucket cannot be accessed by using the custom domain names. If you want to access a bucket by using custom domain names mapped to the bucket when the bucket is under attack, add the custom domain names in the OSS console. You can add up to five custom domain names for each bucket to the protection list of an Anti-DDoS instance.
    • If no custom domain names are mapped to the bucket, you must map a custom domain name to the bucket. For more information, see Map custom domain names.
    • If a custom domain name is mapped to the bucket, add the custom domain name by performing the following steps:
      1. On the right side of the bucket attached to the instance, choose More > Modify Custom Domain Name.
      2. Select the custom domain name that you want to add.
      3. Click OK.

        Then, you can access the bucket by using the custom domain name when the bucket is under attack.