Updated on 2024-07-05 GMT+08:00

IP Access Frequency

You can restrict the number of times that a single IP address requests a URL from a PoP per second to defend against CC attacks and malicious theft.

Precautions

  • Restricting the IP access frequency can effectively defend against CC attacks, but it may affect normal access.
  • When the threshold is reached, CDN returns status code 403. The restriction is removed 10 minutes later.
  • By default, this function is disabled.

Procedure

  1. Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.

    The CDN console is displayed.

  2. In the navigation pane, choose Domains.
  3. In the domain list, click the target domain name or click Configure in the Operation column.
  4. Click the Access Control tab and turn on the IP Access Frequency switch.
    Figure 1 IP access frequency
  5. Set Access Threshold and click OK.
    • When the number of times that a single IP address accesses a single URL via a PoP per second reaches the threshold, CDN returns status code 403 to the client. The restriction is removed 10 minutes later.
    • If you change Access Threshold within the restriction duration, the change takes effect after the restriction is removed.
  6. Turn off the IP Access Frequency switch to disable it.

Example

Configuration: You have restricted the IP access frequency of domain name www.example.com to 10,000 requests/second.

Condition for triggering IP access frequency restriction: The number of times that an IP address requests a URL from a PoP per second reaches 10,000.

Example: A client's IP address is 0.0.0.0. This client accesses https://www.example.com/abc.jpg for 10,000 times within 1 second, triggering the access frequency restriction. When the client accesses this URL again, the request is blocked and status code 403 is returned. The restriction is removed 10 minutes later.