If your Object Storage Service (OSS) bucket is under attack or contains illegal content, OSS automatically moves the bucket to the sandbox to prevent impacts on your other buckets. If your business faces a high risk of DDoS attacks, you can enable OSS DDoS protection.
OSS sandbox
When your OSS bucket is under attack or when other users share illegal content through your bucket, OSS automatically moves the bucket to the sandbox. Buckets in the sandbox can still respond to requests but experience service degradation that may affect your application. If your bucket is under attack, you are responsible for all costs incurred due to the attack.
To prevent your bucket from being moved to the sandbox due to attacks, we recommend that you use Anti-DDoS Pro to defend against DDoS attacks and CC attacks. To prevent your bucket from being moved to the sandbox due to sharing illegal content such as pornography, politically sensitive content, or terrorism-related content, we recommend that you activate Content Moderation service to regularly scan your selected buckets.
For more information, see OSS sandbox in the OSS Developer Guide.
OSS DDoS protection
OSS DDoS protection is a proxy-based attack mitigation service that integrates OSS with Anti-DDoS Pro and Anti-DDoS Premium. When a bucket with OSS DDoS protection enabled suffers volumetric attacks, OSS DDoS protection diverts malicious traffic to an Anti-DDoS cluster for traffic scrubbing and then redirects legitimate traffic to the target bucket. This ensures your business continues to function as expected.
OSS DDoS protection provides up to terabit-level DDoS protection capabilities, protection for millions of QPS, and second-level attack switching capabilities. It effectively defends against attacks such as SYN Flood, ACK Flood, ICMP Flood, UDP Flood, NTP Flood, SSDP Flood, DNS Flood, and HTTP Flood. OSS DDoS protection is suitable for scenarios where your business is prone to malicious attacks, ransomware attacks, brushing, and fraudulent traffic.
For more information, see OSS DDoS protection in the OSS Developer Guide.