Anti-DDoS Pro

Anti-DDoS Pro is a value-added service to protect your online business from malicious DDoS attacks

Buy Now Contact Sales


Alibaba Cloud Anti-DDoS Pro is a value added protection service to ensure high availability and provide complete protection to your online business from all kinds of malicious DDoS attacks. The product also ensures the elimination of single-point-of-failure from real-time DDoS attacks, HTTP flood attacks, empty connection attacks, slow connection attacks and other web application attacks.

Anti-DDoS Pro is recommended for large enterprise websites and applications, especially those that integrate online payments. For blogs and small websites, Anti-DDoS Basic is available and free of cost.

Anti-DDoS Pro can be set up within minutes without needing to configure complex network applications.

Customer Testimonials

Hongling Capital


“Using Alibaba Cloud Anti-DDoS Service Pro, our online financial business has been growing continuously with protection from DDoS attacks.”

Electric Soul Network


“As an online combat game that requires excellent quality of network, we are frequently attacked by DDoS attacks. With the help of Cloud Anti-DDoS Service, negative impacts on game servers have been mitigated effectively.”

Meizu Technology


“A special security team from Alibaba Cloud was built to help defend against DDoS attacks when new smart phone products are released.”


Mitigation of high-volume DDoS attack

● BGP network with fast access experience, associated with distributed scrubbing centers all over the world.

● The Anti-DDoS cluster provides a mitigation capacity of more than 2000Gbps, as well as fast access to backbone network.

● Less than 50ms delay to original servers in Alibaba Cloud data centers in Mainland China.

Supports all Protocols and Formats

● Supports TCP/UDP/HTTP/HTTPS protocols.

● Suitable for all kinds of businesses including finance, e-commerce, gaming, and enterprise.

● Ensures protection of application from Layer 4 and Layer 7 attacks.

● Protects servers on both Alibaba Cloud services as well as other cloud service providers including AWS, Azure and RackSpace.

Fully-encrypted Linking with HTTPS

● Supports Layer 7 HTTPS flood protection.

● Ensures full encryption with HTTPS including backlink to origin server.

● Protects privacy of SSL private keys.

Protection Algorithms

● Defends against empty connection attack, slow connection attack and other malicious attacks.

● Leverages various mechanisms such as IP reputation database, IP+Cookie, IP+Key to mitigate HTTP floods.

● Maintains a global database of zombie network to trace all the attacks with the help of Alibaba Cloud WAF.

Product Details

Through its multiple scrubbing centers located across the globe, Anti-DDoS Pro provides over 2 Tbps capacity of DDoS mitigation allowing you to customize security rules for your website and provide detailed reports and analysis.

Incoming traffic is diverted to Alibaba Cloud Anti-DDoS scrubbing centers through updating DNS resolution settings (web) or replacing the original website IP with an Anti-DDoS IP provided by Alibaba Cloud. As traffic passes through the Anti-DDoS service, malicious attacks can be immediately identified and mitigated. The service then forwards clean traffic to the server and ensures comprehensive DDoS protection for your infrastructure.


Mitigation of high-volume DDoS Attacks

○ Ensures mitigation of all kinds of DDoS attacks such as SYN flood, ACK flood, ICMP flood, UDP flood, NTP flood, SSDP flood, DNS flood, HTTP flood.

○ Offers mitigation capacity of 2000 Gbps.

○ Provides fast access to backbone server.

Application Layer Protection

○ Provides real-time mitigation for Layer 7 DDoS attacks which target application directly.

○ Offers advanced security features such as multi-faced verification, identity recognition and verification code, in order to filter malicious requests from legal requests.

○ Appropriate for HTTP(S) floods targeting websites or layer 7 applications like online gaming web-applications.

○ Ensures security even in the times of heavy traffic, such as during shopping festivals, product launch events.

High Availability

○ Guarantees 99.99% service availability.

○ Ensures high availability through global scrubbing centers.

Automatic Mitigation Capabilities

○ Provides real-time mitigation by automatically detecting malicious traffic without requiring any manual intervention in the process.

○ Lets you modify protection policies as per your business requirements.

Mitigation of Protocol Attacks

○ Ensures mitigation of protocol attacks such as Smurf attacks, ping of death, SYN floods, etc.

24/7 Security Support

○ Augments protection through 24*7 support from security experts.

Compatible with Other Cloud Services

○ Inhibits capability of integration and providing security to servers on other cloud services besides Alibaba Cloud.

Advanced Protection Algorithms

○ Includes high-level mechanisms such as maintenance of IP reputation database, and IP+Cookie/IP+Key mechanism to mitigate HTTP floods.

○ Defends against different attacks which can slow down the speed of websites such as connection attack, slow connection attack and malicious attack to provide seamless experience on websites and applications.


Anti-DDoS Pro

  • Billing Type: Mixed

  • Billing Item: Basic protection and Elastic protection

  • Payment Option: Subscription or Pay-As-You-Go

  • Billing Cycle: Basic protection bandwidth (Unit: Gbps) and HTTP Flood protection capacity (Unit: QPS) are charged either monthly or yearly. A subscription bill is generated at purchase.

  • Settlement cycle: Elastic protection bandwidth (Unit: Gbps) and HTTP flood protection capacity (Unit: QPS) are charged daily. A Pay-As-You-Go bill is generated based on the actual attack peak that exceeds the basic DDoS protection capacity or HTTP flood protection capacity (only the larger billing range is counted) on the day before.

Basic Protection

The monthly subscription price of basic protection is as follows:

DDoS Protection CapacityHTTP Flood Protection CapacityChina Telecom and China Unicom (USD/Month)China Telecom, China Unicom and China Mobile (USD/Month)International (USD/Month)
5 Gbps15,000 QPS600N/A1,000
10 Gbps30,000 QPS1,310N/A3,000
20 Gbps60,000 QPS2,4902,9565,000
30 Gbps100,000 QPS3,9704,6867,500
40 Gbps130,000 QPS6,9207,9889,000
50 Gbps160,000 QPS9,88011,29012,000
100 Gbps300,000 QPS29,10032,51618,000
150 Gbps450,000 QPS36,49041,164N/A
200 Gbps600,000 QPS42,41048,239N/A
>200 Gbps>600,000 QPSContact SalesContact SalesN/A

Elastic Protection and More pricing detail:

View Pricing Detail


1. Website Protection

Websites being the most vulnerable online services, a Layer 4 or Layer 7 DDoS attack against the real server can easily bring down a site or cut off all its services for users. These web-based attacks can be caused due to SQL injection, XSS, malicious Trojan or defacement.


1. Web server becomes unreachable due to overloaded malicious traffic making the service unavailable to the website visitors.

2. Web server becomes extremely slow or unavailable due to malicious HTTP flood and starts building too many connections.


Anti-DDoS Service Pro provides protection from all kinds of DDoS attacks including layer-4 and layer-7 DDoS attacks.

Using the Anti-DDoS Service Pro, all the incoming traffic is first received at the IP address provided by the service. The traffic is then routed to the Alibaba Cloud scrubbing centers where the malicious traffic is filtered out. It also ensures protection against suspicious SQL injections and sends the clean and genuine traffic to the website IP address or endpoint.

2. Gaming Protection

As online gaming platforms are highly sensitive to latency and availability issues, they are the ideal targets for DDoS attacks. Any small millisecond delay or network glitch due to DDoS attacks can kick players offline and disrupt the whole gaming experience.


  • Malicious attacks kicks players offline and causes gaming room congestion.

  • Attacks affect real-time combat gaming and gateways.

  • Causes disruption in the web-based and app-based gaming platforms.

  • Empty connection attack, slow connection attacks further affect the gaming servers.


Various DDoS attacks such as empty connection attacks, slow connection attacks and other malicious attacks kick players offline and affect the online gaming experience. Alibaba Cloud Anti-DDoS Pro defends against these attacks through its selective algorithms and filtering malicious of traffic at the time of scrubbing itself. This way Anti-DDoS Pro defends against all kinds of DDoS attacks targeting online gaming servers and ensures a seamless gaming experience for online players.

Getting Started

Using Alibaba Cloud Anti-DDoS Pro through Management Console

Alibaba Cloud Management Console provides a simple web-based user interface which allows you to access and configure Anti-DDoS Pro Services. Using this console, you can either create and update DNS resolution settings or also replace the original website IP with the anti-DDoS IP provided by Alibaba Cloud.

For a step-by-step overview on how to deploy Alibaba Cloud Anti-DDoS Service Pro through the Management Console please read this Quick Start Guide.

Accessing Alibaba Cloud Documentation

Read the Anti-DDoS Service Pro Documentation to get a detailed understanding of how you can protect your servers and applications hosted on the cloud from potential DDoS attacks. Learn to create protection plans through Alibaba Cloud DDoS Service Pro.


1. Can Anti-DDoS Pro protect servers outside Alibaba Cloud?

Yes, if the original server can be accessed with public Internet.

2. What kind of business can use Anti-DDoS Pro?

We recommend all sorts of online businesses including enterprise, gaming, e-commerce business, online education, APPs, financial services and other industries use Alibaba Cloud Anti-DDoS Service Pro.

3. Can I use wildcard domain record?

Yes. All subdomains of the wild card domain can provide protection. For example, if a wildcard domain is *, all the subdomains such as "", "", "", will be able to provide protection from attacks.

4. How can I obtain the real IP of a client while using Anti-DDoS Service?

Anti-DDoS Service Pro will add the real IP of a client into the "X-Forwarded-For" field of HTTP header.

5. Can multiple servers be added in one virtual IP provided by Alibaba Cloud Anti-DDoS Service Pro?

Yes. The single IP address given by Anti-DDoS Service Pro supports up to 20 IP addresses for each forwarding rule. Anti-DDoS Service will then distribute the traffic to all of them using the WRR (Weighted Round Robin) mechanism.

6. How many forwarding rules/ domain names can be configured in one virtual IP?

Up to 50 domain names and 50 layer 4 forwarding rules can be configured in each virtual IP provided by Alibaba Cloud.

7. What happens when the service is about to expire?

Alibaba Cloud will keep your configuration intact for another 7 days after the expiry of the service, meanwhile, the services will be downgraded to the lowest package. We recommend renewing the services at the earliest to avoid any adverse effect on your business.