- What's New
- Service Overview
- User Guide
- Best Practices
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- What Is the Protection Capacity of Anti-DDoS?
- What Data Can Be Provided by Anti-DDoS?
- In Which Regions Is Anti-DDoS Available?
- What Is the Maximum Protection Capacity Provided by HUAWEI CLOUD Anti-DDoS for Free?
- Which Services Can Use Anti-DDoS?
- Can Anti-DDoS Be Used Across Clouds?
- How to Determine Whether an Attack Occurs?
-
About Basic Functions
- What Are Regions and AZs?
- What Is the HTTP Request Threshold Set for Anti-DDoS Protection?
- What Would Happen When I Am Under a DDoS Attack Exceeding 500 Mbit/s?
- Which Types of Attacks Does Anti-DDoS Mitigate?
- What Should I Do If My Service Is Frequently Attacked?
- What Is the Difference Between ELB Protection and ECS Protection?
- Why Is the Number of Times of Cleaning Different from the Number of Attacks for the Same Public IP Address?
- Is Anti-DDoS Enabled by Default?
- Does Anti-DDoS Protect a Region or a Single IP Address?
- Do I Need to Clear the Resources of Anti-DDoS When I Delete an Account?
- How Do I View the Traffic Cleaning Frequency?
- How Can I View Anti-DDoS Protection Statistics?
- How Can I View Public IP Address Monitoring Data in Anti-DDoS?
- How Can I View an Interception Report?
- Can I Disable Anti-DDoS Completely?
- How Do I Check Whether the Inbound Traffics Are Routed Through Anti-DDoS Devices?
- About Threshold and Black Hole
- About Alarm notification
- Change History
-
About Anti-DDoS
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Viewing a Public IP Address
- Enabling Alarm Notification
- Configuring an Anti-DDoS Protection Policy
- Viewing a Monitoring Report
- Viewing an Interception Report
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- About Basic Functions
- About Alarm notification
-
About Anti-DDoS
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS APIs
- Querying Optional Anti-DDoS Defense Policies
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying Anti-DDoS Tasks
- Querying the List of Defense Statuses of EIPs
- Querying the Defense Status of a Specified EIP
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Weekly Defense Statistics
- Alarm Reminding APIs
-
Anti-DDoS APIs
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Viewing a Public IP Address
- Enabling Alarm Notification
- Configuring an Anti-DDoS Protection Policy
- Viewing a Monitoring Report
- Viewing an Interception Report
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- About Basic Functions
- About Alarm notification
-
About Anti-DDoS
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- API Calling
-
API
-
DDoS Protection Management
- Querying the List of Defense Statuses of EIPs
- Querying Anti-DDoS specifications
- Querying Weekly Defense Statistics
- Querying Configured Anti-DDoS Defense Policies
- Enabling Anti-DDoS
- Updating Anti-DDoS Defense Policies
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying the Defense Status of a Specified EIP
- Anti-DDoS Task Management
- Alarm Configuration Management
-
DDoS Protection Management
- Status Code
- Anti-DDoS Error Codes
- Obtaining a Project ID
- Change History
-
User Guide (Ankara Region)
- Service Overview
- Enabling Anti-DDoS
- Viewing a Public IP Address
- Enabling Alarm Notification
- Configuring an Anti-DDoS Protection Policy
- Viewing a Monitoring Report
- Viewing an Interception Report
-
FAQs
-
About Anti-DDoS
- What Is Anti-DDoS?
- What Are a SYN Flood Attack and an ACK Flood Attack?
- What Is a CC Attack?
- What Is a Slow HTTP Attack?
- What Are a UDP Attack and a TCP Attack?
- What Is the Million-level IP Address Blacklist Database?
- How Will Anti-DDoS Be Triggered to Scrub Traffic?
- Does Anti-DDoS Traffic Cleaning Affect Normal Services?
- How Does Anti-DDoS Scrub Traffic?
- What Are the Restrictions of Anti-DDoS?
- About Basic Functions
- About Alarm notification
-
About Anti-DDoS
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- API Calling
-
API
-
Anti-DDoS APIs
- Querying Optional Anti-DDoS Defense Policies
- Enabling Anti-DDoS
- Querying Configured Anti-DDoS Defense Policies
- Updating Anti-DDoS Defense Policies
- Querying Anti-DDoS Tasks
- Querying the List of Defense Statuses of EIPs
- Querying the Defense Status of a Specified EIP
- Querying the Traffic of a Specified EIP
- Querying Events of a Specified EIP
- Querying Weekly Defense Statistics
- Alarm Reminding APIs
-
Anti-DDoS APIs
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Configuring an Anti-DDoS Protection Policy
Scenarios
You can adjust your Anti-DDoS protection policy after Anti-DDoS is enabled.
Prerequisites
You have obtained a username and password for logging in to the management console.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select the region and project. - Click
in the upper left corner of the page and choose Security & Compliance > Anti-DDoS.
Figure 1 Anti-DDoS
- Click the Public IP Addresses tab, locate the row that contains the IP address for which you want to set protection, and click Set Protection in the Operation column.
Figure 2 Protection settings
- In the Set Protection dialog box, modify desired parameters. Table 1 describes the parameters.
Figure 3 Protection settings
Table 1 Parameter description Parameter
Description
Protection Settings
- Default: In this mode, Traffic Cleaning Threshold is fixed at 120 Mbps. When the service UDP traffic is greater than 120 Mbps or the TCP traffic is greater than 35,000 pps, traffic scrubbing is triggered and Anti-DDoS will automatically intercept the attack traffic.
- Manual: In this mode, you can set the value of Traffic Cleaning Threshold based on your service needs and enable CC Defense.
NOTE:
- Mbps = Mbit/s (short for 1,000,000 bit/s). It is a unit of transmission rate and refers to the number of bits transmitted per second.
- PPS, short for Packets Per Second, is a measure of throughput for network devices. It means the number of packets sent per second.
Traffic Cleaning Threshold
Anti-DDoS scrubs traffic when detecting that the incoming traffic of an IP address exceeds the threshold.
- When Protection Settings is set to Default, the value of Traffic Cleaning Threshold is 120 Mbps by default.
- When Protection Settings is set to Manual, the value of Traffic Cleaning Threshold can be set based on your service needs. You are advised to set the threshold to a value closest to the purchased bandwidth but not greater than the purchased bandwidth.
NOTE:
If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.
Set this parameter based on the actual service access traffic. You are advised to set a value closest to, but not exceeding, the purchased bandwidth.
CC Defense
- Disable: disables the defense.
- Enable: enables the defense.
NOTE:
Challenge Collapsar (CC) defense is available only for clients supporting the full HTTP protocol stack because CC defense works in redirection or redirection+verification code mode. If your client does not support the full HTTP protocol stack, you are advised to disable CC defense.
HTTP Request Threshold
This parameter is required only when CC Defense is set to Enable. The unit is qps (short for queries per second). QPS is a common measure of the amount of search traffic an information retrieval system, such as a search engine or a database, receives during one second.
This parameter is used to defend against a large number of malicious requests targeting websites. Defense against CC attacks, which aim to exhaust server resources by sending specially crafted GET or POST requests, is triggered when the HTTP request rate on a site reaches the selected value. In the EIP address protection, the maximum recommended value is 5000. In ELB protection, the value can be larger.
You are advised to set this parameter to the maximum number of HTTP requests that can be processed by the deployed service. Anti-DDoS will automatically scrub traffic if detecting that the total number of requests exceeds the configured HTTP request threshold. If the value is too large, CC defense will not be triggered promptly.
- If the actual HTTP request rate is smaller than the configured value, the deployed service is able to process all HTTP requests, and Anti-DDoS does not need to be involved.
- If the actual HTTP request rate is greater than or equal to the configured value, Anti-DDoS triggers CC defense to analyze and check each request, which affects responses to normal requests.
- Click OK to save the settings.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
