- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billing Items
- Renewing Subscriptions
- Bills
- Arrears
- Stopping Billing
- Cost Management
-
Billing FAQs
- General FAQs
- Billing FAQs of CNAD Advanced
-
Billing FAQs of AAD
- How Is AAD Billed?
- Why Does My Payment Status Not Update After I Make a Payment?
- Will I Be Charged If I Buy an Elastic Protection Bandwidth and My Elastic IP Address Is Not Attacked for the Whole Month?
- What Happens If the Attack Traffic Exceeds the Elastic Protection Bandwidth?
- Can I Adjust My Elastic Protection Bandwidth From 100 Gbit/s to 200 Gbit/s When I Find 100 Gbit/s Is Insufficient?
- What Is the Charge If My IP Address Is Attacked Many Times a Day?
- How Do I Stop Elastic Protection to Avoid Being Charged for the Elastic Protection Bandwidth?
- How Can I Renew the AAD Service?
- How Can I Unsubscribe from the AAD Service?
- How Should I Automatically Renew AAD?
- Can the Original Configuration Data Be Saved After I Unsubscribe from an AAD Instance?
- How Is the Elastic Bandwidth Charged?
- Getting Started
-
User Guide
-
CNAD Basic (Anti-DDoS) User Guide
- Anti-DDoS Overview
- Using IAM to Grant Anti-DDoS Permissions
- Setting a Traffic Scrubbing Threshold to Intercept Attack Traffic
- Setting DDoS Alarm Notifications
- Enabling DDoS Alarm Notifications
- Enabling Logging
- Adding a Tag to an EIP
- Viewing an EIP Monitoring Report
- Viewing an Interception Report
- Querying Audit Logs
-
CNAD Advanced (CNAD) Operation Guide
- CNAD Overview
- Using IAM to Grant CNAD Permissions
- Purchasing a CNAD Instance
-
Adding a Protection Policy
- Protection Policy Overview
- Configuring a Basic Protection Policy to Intercept Attack Traffic
- Using Watermarks to Defend Against CC Attacks
- Blocking or Permitting Traffic From Specified IP Addresses Using a Blacklist and Whitelist
- Blocking Traffic to a Specified Port
- Blocking Traffic of a Specified Protocol
- Setting a Traffic Handling Policy Based on Fingerprint Features
- Using Advanced Protection Policies to Restrict Abnormal Connections
- Blocking Traffic From Specified Locations
- Adding a Protected Object
- Enabling Alarm Notifications for DDoS Attacks
- Enabling Logging
- Viewing Statistics Reports
- Managing Instances
- Managing Protected Objects
- Viewing Monitoring Metrics
- Querying Audit Logs
-
Advanced Anti-DDoS User Guide
- AAD Overview
- Using IAM to Grant AAD Permissions
- Purchasing an AAD Instance
- Connecting Services to AAD
-
Configuring a Protection Policy
- Protection Policy Overview
- Enabling Basic Web Protection
- Blocking Traffic From Specified Locations
- Blocking Traffic of a Specified Protocol
- Blocking or Allowing Traffic From Specified IP Addresses Using a Blacklist and Whitelist
- Mitigating CC Attacks Using Frequency Control Policies
- Using Intelligent CC Policies to Defend Against CC Attacks
- Enabling Alarm Notifications for DDoS Attacks
- Enabling Logging
- Viewing Statistics
- Managing Instances
- Managing Domain Names
- Certificate Management
- Managing Forwarding Rules
- Viewing Monitoring Metrics
- Querying Audit Logs
- Scheduling Center Quotas
-
CNAD Basic (Anti-DDoS) User Guide
- Best Practices
-
API Reference
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS Management
- Querying the List of Defense Statuses of EIPs
- Querying Optional Anti-DDoS Defense Policies
- Querying Weekly Defense Statistics
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Configured Anti-DDoS Defense Policies
- Anti-DDoS Task Management
- Alarm configuration management
- Default Protection Policy Management
-
Anti-DDoS Management
- Examples
- Appendix
- Out-of-Date APIs
- SDK Reference
-
FAQs
-
General FAQs
- What Are Regions and AZs?
- What Is the Black Hole Policy of HUAWEI CLOUD?
- What are the Relationships Between ADS and Anti-DDoS Traffic Cleaning, CNAD Pro, and AAD?
- What Are the Differences Between Anti-DDoS and Advanced Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Are the Differences Between DDoS Attacks and Challenge Collapsar Attacks?
- What Is the Maximum Protection Capacity Provided by Huawei Cloud Anti-DDoS for Free?
- What Can I Do If an IP Address Is Blocked?
- Does Anti-DDoS Support the Transparent Access Mode?
- Does Anti-DDoS Service Provide SDKs?
- How Do I Migrate Instance Resources in an Enterprise Project?
-
CNAD Basic (Anti-DDoS) FAQs
-
About Anti-DDoS
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Scrubbing Affect Normal Services?
- What Are the Restrictions of Using Anti-DDoS?
- What Is the Protection Capacity of Anti-DDoS?
- What Data Can Be Provided by Anti-DDoS?
- Which Regions Does Anti-DDoS Support?
- What Can Be Protected by Anti-DDoS?
- Can Anti-DDoS Be Used Across Clouds or By Multiple Accounts?
- How to Determine Whether an Attack Occurs?
-
About Basic Functions
- What Would Happen When I Am Under a DDoS Attack Exceeding 500 Mbit/s?
- Which Types of Attacks Does Anti-DDoS Mitigate?
- What Should I Do If My Service Is Frequently Attacked?
- What Is the Difference Between ELB Protection and ECS Protection?
- Why Is the Number of Times of Cleaning Different from the Number of Attacks for the Same Public IP Address?
- Is Anti-DDoS Enabled by Default?
- Does Anti-DDoS Protect a Region or a Single IP Address?
- Do I Need to Release Anti-DDoS Resources When I Delete an Account?
- How Do I View the Traffic Scrubbing Frequency?
- How Can I View Anti-DDoS Protection Statistics?
- How Can I View the Monitoring Data of a Public IP Address in Anti-DDoS?
- How Can I View an Interception Report?
- Can I Disable Anti-DDoS Completely?
- How Do I Check Whether the Inbound Traffics Are Routed Through Anti-DDoS Devices?
- About Threshold and Black Hole
- About Alarm Notification
- About Service Faults
-
About Anti-DDoS
-
CNAD Advanced FAQs
-
Function Consulting
- What Is Unlimited Protection?
- Can CNAD Advanced Protect Non-Huawei Cloud and On-Premises IP Addresses?
- Does CNAD Advanced Protect IPv6 Addresses?
- What Do I Do If an IP Address Protected by CNAD Advanced Is Blocked?
- What Are the Protection Objects of CNAD Advanced?
- How Many Layers of Attacks Can CNAD Advanced Defend Against?
- How Long Does It Take to Switch Traffic from CNAD Advanced Back to AAD?
- Can CNAD Advanced Be Used Across Regions?
- What Is A Dedicated EIP?
- Billing
-
Function Consulting
-
AAD FAQs
-
Function Specifications
- What Service Ports Does AAD Support?
- What Forwarding Protocols Does AAD Support?
- Can I Change My Protection Bandwidths?
- Can an AAD Origin Server Use a CDN CNAME?
- What Is the Maximum Protection Capability When I Purchase 10 Gbit/s as the Basic Protection Bandwidth and 20 Gbit/s as the Elastic Protection Bandwidth?
- Does AAD Use a Public IP Address to Switch Traffic Back to Origin Servers?
- What Is the Maximum Number of Domain Names AAD Can Protect?
- How Much Additional Latency Will Be Incurred When AAD Is Deployed?
- Is There a Limit to the Number of Concurrent Requests?
- How Do I Disable Advanced Anti-DDoS?
-
Access Configuration
- Can I Connect My Service System to AAD If It Is Not Running on HUAWEI CLOUD?
- How Do I Check Whether a Protected Domain Name Is Correctly Configured After I Connect It to AAD?
- What Can I Do When Message "Invalid request" Is Displayed When I Upload an HTTPS/WebSockets Certificate?
- How Do I Convert a Non-PEM Certificate into a PEM One?
- How Do I Enable Both AAD and WAF?
- How Do I Connect My Service System to AAD?
- How Is CNAME-based Access Implemented?
- How Does AAD Distribute Traffic When There Are Multiple Origin Servers?
- How Do I Check Whether a Back-to-Origin IP Address Has Been Whitelisted on My Origin Server?
- How Do I Change the Exposed IP Address of an Origin Server?
- How Do I Query the Back-to-Origin IP Address Range?
- Can I Migrate Enterprise Project Resources After Adding the Protected Domain Name?
- Can I Build My Own Anti-DDoS System Using HUAWEI CLOUD ECSs?
- How Do the AAD Blacklist and Whitelist Protect Customer's Servers?
- Do I Still Need to Configure the Blacklist and Whitelist in WAF Protection Policies After Configuring Them in DDoS Protection Policies?
- How Do I Use a Domain Name to Access Both IPv4 and IPv6 Services?
- What Should I Do If I Receive a Message Stating That the Domain Name Already Exists When Trying to Connect?
-
Faults
- What Should I Do When Encountering an Access Freezing, Delay, or Failure?
- Why Is Error 504 Displayed When I Access a Website After AAD Is Configured?
- How Do I Identify the Type of Attacks?
- What Should I Do If Error 500, 502, or 504 Is Reported When I Access My Website After I Enable Basic Web Protection for My Domain Name?
- What Can I Do If I Failed to Configure a Forwarding Rule?
- What Can I Do If My UDP Traffic Is Blocked?
- How Do I Unblock the Access That Has Been Automatically Blocked Due to the Threshold-Overtopped Attack Traffic?
- Why Can't I Specify Certain Ports When Configuring the Forwarding Rule?
- Error Message "Received fatal alert" Is Displayed After a Domain Name Is Bound to AAD
-
Product
- What Is a Protected IP Address?
- Does AAD Support Weighted Back-to-Origin?
- Can AAD Be Used Across Regions?
- What Is a CNAME Record?
- What is BGP?
- What Is the Origin Server Port of AAD?
- What Is the Origin Server IP Address?
- What Website IP Addresses Is Protected by AAD?
- What Is Service Bandwidth?
- What Is a Forwarding Protocol?
- Are Services Interrupted When They Are Being Connected to AAD?
- Can a Domain Name Be Bound to Multiple AAD Instances?
- Why Does the High-Defense IP Address Actually Receive Access Requests from a Client After AAD Is Deployed?
- Why Does the Attack Traffic Volume Increase After AAD Is Deployed?
- Will the Origin Server Be Exposed When the Attack Traffic Volume Increases After AAD Is Deployed?
- How Does AAD Protect Origin Server IP Addresses?
- Does AAD Support Two-Way SSL Authentication?
- Can I Modify or Delete the Certificates Uploaded to AAD?
- What Will Happen If My Service Traffic Exceeds the Configured Service Bandwidth?
- Is Advanced Anti-DDoS Software or Hardware?
- Does AAD Support IPv6 Protection?
- Why Is the Traffic of AAD Inconsistent with That of ELB?
-
Fees
- How Is AAD Billed?
- Why Does My Payment Status Not Update After I Make a Payment?
- Will I Be Charged If I Buy an Elastic Protection Bandwidth and My Elastic IP Address Is Not Attacked for the Whole Month?
- What Happens If the Attack Traffic Exceeds the Elastic Protection Bandwidth?
- Can I Adjust My Elastic Protection Bandwidth From 100 Gbit/s to 200 Gbit/s When I Find 100 Gbit/s Is Insufficient?
- What Is the Charge If My IP Address Is Attacked Many Times a Day?
- How Do I Stop Elastic Protection to Avoid Being Charged for the Elastic Protection Bandwidth?
- How Can I Renew the AAD Service?
- How Can I Unsubscribe from the AAD Service?
- How Should I Automatically Renew AAD?
- Can the Original Configuration Data Be Saved After I Unsubscribe from an AAD Instance?
- How Is the Elastic Bandwidth Charged?
-
Function Specifications
-
General FAQs
- Videos
-
More Documents
-
User Guide (Ankara Region)
- Service Overview
- Enabling Anti-DDoS
- Viewing a Public IP Address
- Enabling Alarm Notification
- Configuring an Anti-DDoS Protection Policy
- Viewing a Monitoring Report
- Viewing an Interception Report
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- About Basic Functions
- About Alarm notification
-
About Anti-DDoS
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS APIs
- Querying Optional Anti-DDoS Defense Policies
- Enabling Anti-DDoS
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying Anti-DDoS Tasks
- Querying the List of Defense Statuses of EIPs
- Querying the Defense Status of a Specified EIP
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Weekly Defense Statistics
- Alarm Reminding APIs
-
Anti-DDoS APIs
- Appendix
- Change History
-
User Guide (Ankara Region)
- General Reference
Copied.
Before You Start
The Anti-DDoS service protects public IP addresses against Layer 4 to Layer 7 distributed denial of service (DDoS) attacks and sends alarms immediately when detecting an attack. Anti-DDoS improves the bandwidth utilization and ensures the stable running of user services.
Anti-DDoS monitors the service traffic from the Internet to public IP addresses and detects attack traffic in real time. It then scrubs attack traffic based on user-configured defense policies without interrupting service running. It also generates monitoring reports that provide visibility into the network traffic security.
This document describes how to use application programming interfaces (APIs) to perform operations to Anti-DDoS, such as querying or updating Anti-DDoS protection policy. For details about all supported operations, see API Overview.
API Calling Description
Anti-DDoS provides Representational State Transfer (REST) APIs, allowing you to use HTTPS requests to call them. For details, see API Calling.
Endpoints
An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. For the endpoints of all services, see Regions and Endpoints.
Concepts
- Account
An account is created upon successful registration. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity and should not be used to perform routine management. For security purposes, create IAM users and grant them permissions for routine management.
- User
An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The account name, username, and password will be required for API authentication.
- Region
Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides services of the same type only or for specific tenants.
- Availability Zone (AZ)
An AZ comprises one or multiple physical data centers equipped with independent ventilation, fire, water, and electricity facilities. Compute, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs within a region are interconnected using high-speed optical fibers to support cross-AZ high-availability systems.
- Project
Projects group and isolate resources (including compute, storage, and network resources) across physical regions. A default project is provided for each region, and subprojects can be created under each default project. Users can be granted permissions to access all resources in a specific project. For more refined access control, create subprojects under a project and create resources in the subprojects. Users can then be assigned permissions to access only specific resources in the subprojects.
Figure 1 Project isolation model
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot