
HTTP(S) flood protection mode

Last Updated: Feb 12, 2018

Anti-DDoS Pro provides four defense modes against HTTP(S) flood attacks.

  • Normal: The default HTTP flood protection mode. Use it when the website's traffic is normal, to avoid false positives.
    This mode is applied by default when you configure web service protection in Anti-DDoS Pro. Its policies are relatively loose and can defend against general HTTP flood attacks without impairing normal requests.

  • Attack emergency: Switch to this mode when you notice abnormal website response, traffic, CPU, or memory indicators. Some normal traffic may be blocked in this mode.
    This mode has relatively strict policies and can guard against more complex and sophisticated HTTP flood attacks. However, it may block a small portion of normal requests.

  • High: This mode uses relatively strict policies. It enables full-site CAPTCHA verification for all requests to the protected website. Each visitor is verified and can visit the website only after passing the verification algorithm.
    Note: With full-site algorithm verification, all requests from real visitors using browsers receive normal responses. However, API and native app clients cannot respond to the algorithm verification correctly, and the website may be inaccessible to them.

  • Very High: This mode uses very strict policies. It enables full-site CAPTCHA verification for all requests to the protected website. Each visitor is verified and can visit the website only after passing the verification algorithm.
    Compared with the full-site algorithm verification of the High mode, anti-debugging and anti-machine authentication features are also enabled.
    Note: With full-site algorithm verification in the Very High defense mode, requests from real visitors using browsers receive normal responses. (Exceptions may occur in a few browsers and make the website inaccessible. In this situation, restart the browser and visit the website again.) However, API and native app clients cannot respond to the algorithm verification correctly, and the website may be inaccessible to them.

Procedure

By default, a domain protected by the Anti-DDoS Pro instance uses the Normal HTTP flood protection mode. You can change the mode as needed.

  1. Log on to the Anti-DDoS Service console.

  2. Go to the Anti-DDoS Pro > Setting > Web Attack Protection page, select Instance, and then select Domain.

    Note: Alternatively, go to the Anti-DDoS Pro > Web Service page, locate a protected domain, and click Setting under the Policy column to open the Web Attack Protection page for that domain.

  3. Locate the HTTP Flood Protection area and click the defense mode you want to use.

    HTTP Flood Protection mode

Custom HTTP Flood Protection Rule

Anti-DDoS Pro also supports custom HTTP flood protection rules, which let you define precise defense rules for specific URLs.

Go to the Web Attack Protection page of your protected domain, locate the HTTP Flood Protection area, enable custom HTTP flood protection rules, and then click Settings to set custom defense rules for specific URLs.

Custom HTTP flood protection rules

Best Practice for HTTP Flood Protection Settings

Ranked by defense effect, the four HTTP flood protection modes are: Very High > High > Attack emergency > Normal. The likelihood of false positives follows the same order: Very High > High > Attack emergency > Normal.

Generally, we recommend that you use the Normal HTTP flood protection mode for your protected domain. This mode uses relatively loose defense policies, and only IPs with a high access frequency are blocked. We recommend that you switch to the Attack emergency mode or the High mode when the Normal mode fails to deliver satisfactory performance or the website is under severe HTTP flood attack. Remember to switch back to the Normal mode after the attack is over.

Note: If your website serves API or native app clients, those clients cannot respond to the algorithm verification correctly, so the website cannot be protected with the High or Very High HTTP flood protection mode. Instead, configure custom HTTP flood defense rules for the URL being attacked to block the attack requests.
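
A pre-switch check for the advice above, as an added example that is not part of the Anti-DDoS Pro documentation: it summarises an attack-time access-log sample to find the URLs taking most of the requests (candidates for custom rules) and to see whether API or native app clients are present, which rules out High and Very High. The record layout, the `/api/` prefix, the User-Agent markers and the 50% threshold are assumptions.

```python
from collections import Counter

# Assumptions (not from the product documentation): which paths and
# User-Agent substrings mark API / native-app clients on this site.
API_PATH_PREFIXES = ("/api/",)
NATIVE_UA_MARKERS = ("okhttp", "cfnetwork", "dalvik")

# Constructed sample records: (client_ip, path, user_agent).
SAMPLE = (
    [("203.0.113.%d" % (i % 40), "/search", "Mozilla/5.0") for i in range(700)]
    + [("198.51.100.7", "/api/v1/orders", "okhttp/4.9")] * 60
    + [("192.0.2.10", "/", "Mozilla/5.0")] * 240
)


def is_non_browser(path, user_agent):
    """True for clients that cannot answer the browser verification
    applied site-wide by the High and Very High modes."""
    ua = user_agent.lower()
    return path.startswith(API_PATH_PREFIXES) or any(m in ua for m in NATIVE_UA_MARKERS)


def plan_mode_switch(records, hot_share=0.5):
    """Summarise an attack-time log sample before changing the mode."""
    records = list(records)
    if not records:
        raise ValueError("no log records to analyse")
    total = len(records)
    by_path = Counter(path for _, path, _ in records)
    # Paths carrying at least hot_share of all requests: candidates
    # for custom HTTP flood protection rules.
    hot = [p for p, n in by_path.most_common() if n / total >= hot_share]
    non_browser = sum(is_non_browser(p, ua) for _, p, ua in records)
    # High / Very High verify every request, so any API or native-app
    # traffic caps the usable mode at Attack emergency.
    mode = "Attack emergency" if non_browser else "Very High"
    return {
        "hot_paths": hot,
        "non_browser_share": non_browser / total,
        "strictest_usable_mode": mode,
    }


if __name__ == "__main__":
    print(plan_mode_switch(SAMPLE))
```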
