Updated on 2024-12-24 GMT+08:00

Protection Policy Overview

CNAD provides various protection policies. After purchasing an instance, you can select an appropriate protection policy based on service requirements. For details, see Table 1.

If a protection policy is configured incorrectly, attacks may go unblocked or traffic may be scrubbed incorrectly. Exercise caution when performing this operation.

Table 1 Protection policies

| Protection Policy | Section | Description |
| --- | --- | --- |
| Basic protection | Configuring a Basic Protection Policy to Intercept Attack Traffic | Configure a basic protection policy for protected objects. If the DDoS attack bandwidth for an IP address surpasses the configured scrubbing threshold, CNAD is activated to scrub the attack traffic, ensuring service availability. |
| IP address blacklist or whitelist | Blocking or Permitting Traffic From Specified IP Addresses Using a Blacklist and Whitelist | You can configure an access control list to control access to your IP addresses. |
| Fingerprint filtering | Setting a Traffic Handling Policy Based on Fingerprint Features | You can configure fingerprint filtering protection rules to match the content at a specified location within a data packet. Based on the matching result, you can set actions such as discarding, allowing, or rate limiting. |
| Port blocking | Blocking Traffic to a Specified Port | If a destination port is unnecessary for access, you can set up a port blocking policy to block traffic from reaching the port, thereby minimizing DDoS attack risks. |
| Protocol-based access block | Blocking Traffic of a Specified Protocol | You can block source traffic destined for the protected objects by protocol type. UDP, TCP, and ICMP protocols can be blocked. |
| Watermarking | Using Watermarks to Defend Against CC Attacks | CNAD supports the sharing of watermark algorithms and keys with the service end. All packets sent by the client are embedded with watermarks, which can effectively defend against layer-4 CC attacks. |
| Advanced protection | Using Advanced Protection Policies to Restrict Abnormal Connections | If an origin server IP address frequently sends a high volume of abnormal connection packets within a short period, you can set up an advanced protection policy to blacklist the origin server IP address for a certain period. Access from it can be restored once the blacklist period ends. |
| Geo-blocking | Blocking Traffic From Specified Locations | CNAD can block traffic from specified geographic regions. Once the policy is in effect, access traffic from the designated region will be discarded. |