Alibaba Cloud Anti-DDoS Pro is a value added protection service to ensure high availability and provide complete protection to your online business from all kinds of malicious DDoS attacks. The product also ensures the elimination of single-point-of-failure from real-time DDoS attacks, HTTP flood attacks, empty connection attacks, slow connection attacks and other web application attacks.
Anti-DDoS Pro is recommended for large enterprise websites and applications, especially those that integrate online payments. For blogs and small websites, Anti-DDoS Basic is available and free of cost.
Anti-DDoS Pro can be set up within minutes without needing to configure complex network applications.
“Using Alibaba Cloud Anti-DDoS Service Pro, our online financial business has been growing continuously with protection from DDoS attacks.”
Electric Soul Network
“As an online combat game that requires excellent quality of network, we are frequently attacked by DDoS attacks. With the help of Cloud Anti-DDoS Service, negative impacts on game servers have been mitigated effectively.”
“A special security team from Alibaba Cloud was built to help defend against DDoS attacks when new smart phone products are released.”
Mitigation of high-volume DDoS attack
● BGP network with fast access experience, associated with distributed scrubbing centers all over the world.
● The Anti-DDoS cluster provides a mitigation capacity of more than 2000Gbps, as well as fast access to backbone network.
● Less than 50ms delay to original servers in Alibaba Cloud data centers in Mainland China.
Supports all Protocols and Formats
● Supports TCP/UDP/HTTP/HTTPS protocols.
● Suitable for all kinds of businesses including finance, e-commerce, gaming, and enterprise.
● Ensures protection of application from Layer 4 and Layer 7 attacks.
● Protects servers on both Alibaba Cloud services as well as other cloud service providers including AWS, Azure and RackSpace.
Fully-encrypted Linking with HTTPS
● Supports Layer 7 HTTPS flood protection.
● Ensures full encryption with HTTPS including backlink to origin server.
● Protects privacy of SSL private keys.
● Defends against empty connection attack, slow connection attack and other malicious attacks.
● Leverages various mechanisms such as IP reputation database, IP+Cookie, IP+Key to mitigate HTTP floods.
● Maintains a global database of zombie network to trace all the attacks with the help of Alibaba Cloud WAF.
Through its multiple scrubbing centers located across the globe, Anti-DDoS Pro provides over 2 Tbps capacity of DDoS mitigation allowing you to customize security rules for your website and provide detailed reports and analysis.
Incoming traffic is diverted to Alibaba Cloud Anti-DDoS scrubbing centers through updating DNS resolution settings (web) or replacing the original website IP with an Anti-DDoS IP provided by Alibaba Cloud. As traffic passes through the Anti-DDoS service, malicious attacks can be immediately identified and mitigated. The service then forwards clean traffic to the server and ensures comprehensive DDoS protection for your infrastructure.
Mitigation of high-volume DDoS Attacks
○ Ensures mitigation of all kinds of DDoS attacks such as SYN flood, ACK flood, ICMP flood, UDP flood, NTP flood, SSDP flood, DNS flood, HTTP flood.
○ Offers mitigation capacity of 2000 Gbps.
○ Provides fast access to backbone server.
Application Layer Protection
○ Provides real-time mitigation for Layer 7 DDoS attacks which target application directly.
○ Offers advanced security features such as multi-faced verification, identity recognition and verification code, in order to filter malicious requests from legal requests.
○ Appropriate for HTTP(S) floods targeting websites or layer 7 applications like online gaming web-applications.
○ Ensures security even in the times of heavy traffic, such as during shopping festivals, product launch events.
○ Guarantees 99.99% service availability.
○ Ensures high availability through global scrubbing centers.
Automatic Mitigation Capabilities
○ Provides real-time mitigation by automatically detecting malicious traffic without requiring any manual intervention in the process.
○ Lets you modify protection policies as per your business requirements.
Mitigation of Protocol Attacks
○ Ensures mitigation of protocol attacks such as Smurf attacks, ping of death, SYN floods, etc.
24/7 Security Support
○ Augments protection through 24*7 support from security experts.
Compatible with Other Cloud Services
○ Inhibits capability of integration and providing security to servers on other cloud services besides Alibaba Cloud.
Advanced Protection Algorithms
○ Includes high-level mechanisms such as maintenance of IP reputation database, and IP+Cookie/IP+Key mechanism to mitigate HTTP floods.
○ Defends against different attacks which can slow down the speed of websites such as connection attack, slow connection attack and malicious attack to provide seamless experience on websites and applications.
Billing Type: Mixed
Billing Item: Basic protection and Elastic protection
Payment Option: Subscription or Pay-As-You-Go
Billing Cycle: Basic protection bandwidth (Unit: Gbps) and HTTP Flood protection capacity (Unit: QPS) are charged either monthly or yearly. A subscription bill is generated at purchase.
Settlement cycle: Elastic protection bandwidth (Unit: Gbps) and HTTP flood protection capacity (Unit: QPS) are charged daily. A Pay-As-You-Go bill is generated based on the actual attack peak that exceeds the basic DDoS protection capacity or HTTP flood protection capacity (only the larger billing range is counted) on the day before.
The monthly subscription price of basic protection is as follows:
|DDoS Protection Capacity||HTTP Flood Protection Capacity||China Telecom and China Unicom (USD/Month)||China Telecom, China Unicom and China Mobile (USD/Month)||International (USD/Month)|
|5 Gbps||15,000 QPS||600||N/A||1,000|
|10 Gbps||30,000 QPS||1,310||N/A||3,000|
|20 Gbps||60,000 QPS||2,490||2,956||5,000|
|30 Gbps||100,000 QPS||3,970||4,686||7,500|
|40 Gbps||130,000 QPS||6,920||7,988||9,000|
|50 Gbps||160,000 QPS||9,880||11,290||12,000|
|100 Gbps||300,000 QPS||29,100||32,516||18,000|
|150 Gbps||450,000 QPS||36,490||41,164||N/A|
|200 Gbps||600,000 QPS||42,410||48,239||N/A|
|>200 Gbps||>600,000 QPS||Contact Sales||Contact Sales||N/A|
Elastic Protection and More pricing detail:View Pricing Detail
1. Website Protection
Websites being the most vulnerable online services, a Layer 4 or Layer 7 DDoS attack against the real server can easily bring down a site or cut off all its services for users. These web-based attacks can be caused due to SQL injection, XSS, malicious Trojan or defacement.
1. Web server becomes unreachable due to overloaded malicious traffic making the service unavailable to the website visitors.
2. Web server becomes extremely slow or unavailable due to malicious HTTP flood and starts building too many connections.
Anti-DDoS Service Pro provides protection from all kinds of DDoS attacks including layer-4 and layer-7 DDoS attacks.
Using the Anti-DDoS Service Pro, all the incoming traffic is first received at the IP address provided by the service. The traffic is then routed to the Alibaba Cloud scrubbing centers where the malicious traffic is filtered out. It also ensures protection against suspicious SQL injections and sends the clean and genuine traffic to the website IP address or endpoint.
2. Gaming Protection
As online gaming platforms are highly sensitive to latency and availability issues, they are the ideal targets for DDoS attacks. Any small millisecond delay or network glitch due to DDoS attacks can kick players offline and disrupt the whole gaming experience.
Malicious attacks kicks players offline and causes gaming room congestion.
Attacks affect real-time combat gaming and gateways.
Causes disruption in the web-based and app-based gaming platforms.
Empty connection attack, slow connection attacks further affect the gaming servers.
Various DDoS attacks such as empty connection attacks, slow connection attacks and other malicious attacks kick players offline and affect the online gaming experience. Alibaba Cloud Anti-DDoS Pro defends against these attacks through its selective algorithms and filtering malicious of traffic at the time of scrubbing itself. This way Anti-DDoS Pro defends against all kinds of DDoS attacks targeting online gaming servers and ensures a seamless gaming experience for online players.
Using Alibaba Cloud Anti-DDoS Pro through Management Console
Alibaba Cloud Management Console provides a simple web-based user interface which allows you to access and configure Anti-DDoS Pro Services. Using this console, you can either create and update DNS resolution settings or also replace the original website IP with the anti-DDoS IP provided by Alibaba Cloud.
For a step-by-step overview on how to deploy Alibaba Cloud Anti-DDoS Service Pro through the Management Console please read this Quick Start Guide.
Accessing Alibaba Cloud Documentation
Read the Anti-DDoS Service Pro Documentation to get a detailed understanding of how you can protect your servers and applications hosted on the cloud from potential DDoS attacks. Learn to create protection plans through Alibaba Cloud DDoS Service Pro.
1. Can Anti-DDoS Pro protect servers outside Alibaba Cloud?
Yes, if the original server can be accessed with public Internet.
2. What kind of business can use Anti-DDoS Pro?
We recommend all sorts of online businesses including enterprise, gaming, e-commerce business, online education, APPs, financial services and other industries use Alibaba Cloud Anti-DDoS Service Pro.
3. Can I use wildcard domain record?
Yes. All subdomains of the wild card domain can provide protection. For example, if a wildcard domain is *.abc.com, all the subdomains such as "1.abc.com", "2.abc.com", "3.abc.com", will be able to provide protection from attacks.
4. How can I obtain the real IP of a client while using Anti-DDoS Service?
Anti-DDoS Service Pro will add the real IP of a client into the "X-Forwarded-For" field of HTTP header.
5. Can multiple servers be added in one virtual IP provided by Alibaba Cloud Anti-DDoS Service Pro?
Yes. The single IP address given by Anti-DDoS Service Pro supports up to 20 IP addresses for each forwarding rule. Anti-DDoS Service will then distribute the traffic to all of them using the WRR (Weighted Round Robin) mechanism.
6. How many forwarding rules/ domain names can be configured in one virtual IP?
Up to 50 domain names and 50 layer 4 forwarding rules can be configured in each virtual IP provided by Alibaba Cloud.
7. What happens when the service is about to expire?
Alibaba Cloud will keep your configuration intact for another 7 days after the expiry of the service, meanwhile, the services will be downgraded to the lowest package. We recommend renewing the services at the earliest to avoid any adverse effect on your business.