Updated on 2022-02-22 GMT+08:00

Setting a Default Protection Policy for Newly Purchased Public IP Addresses

In the Set Default Protection Policy dialog box, you can select Manual for Protection Settings and set the default protection policy. New public IP addresses you purchase from HUAWEI CLOUD are then protected against DDoS attacks based on the default protection policy you configured.

If you want to disable the default protection policy, you can select Default for Protection Settings in the Set Default Protection Policy dialog box.

If you do not set a default protection policy for newly purchased public IP addresses, the Protection Settings in Default mode apply to them. When Default is selected for Protection Settings in the Set Default Protection Policy dialog box, Traffic Cleaning Threshold is 120 Mbps and CC Defense is disabled.

Prerequisites

You have obtained an account and its password for logging in to the management console.

Manually Setting a Default Protection Policy

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > Anti-DDoS.
  4. Select the Public IP Addresses tab and click Set Default Protection Policy.

    Figure 1 Setting a default protection policy for newly purchased public IP addresses

  5. In the displayed dialog box, select Manual for Protection Settings.

    Figure 2 Manually configuring the default protection policy

  6. Configure Traffic Cleaning Threshold and CC Defense.

    Table 1 Parameter description

    Parameter

    Description

    Traffic Cleaning Threshold

    Anti-DDoS scrubs traffic when it detects that the incoming traffic of an IP address exceeds the threshold.

    You can set the traffic cleaning threshold based on your expected traffic volume. Set the threshold to the value closest to the purchased bandwidth but not greater than the purchased bandwidth.

    NOTE:

    If service traffic triggers scrubbing, only attack traffic is intercepted. If service traffic does not trigger scrubbing, no traffic is intercepted.

    Set this parameter based on the actual service access traffic.

    CC Defense

    • Disable: disables the defense.
    • Enable: enables the defense.
      NOTE:

      CC defense is available only for clients that carry web services and support the full HTTP protocol stack. CC defense works in redirection or redirection+verification code mode. If your client does not support the full HTTP protocol stack, you are advised to disable CC defense.

    HTTP Request Threshold

    This parameter is required only when CC Defense is set to Enable.

    This parameter is used to defend against a large number of malicious requests targeting websites. Defense against CC attacks, which aim to exhaust server resources by sending specially crafted GET or POST requests, is triggered when the HTTP request rate on a site reaches the selected value. In EIP protection, the maximum recommended value is 5000. In ELB protection, the value can be larger.

    Set this parameter to the maximum number of HTTP requests that can be processed by the deployed service. Anti-DDoS automatically scrubs traffic if it detects that the total number of requests exceeds the configured HTTP request threshold. If the value is too large, CC defense will not be triggered promptly.

  7. Click OK.

    After you set the default protection policy, the newly purchased public IP addresses are protected based on the configured policy. For details about how to adjust a configured protection policy, see Configuring an Anti-DDoS Protection Policy.
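Before clicking OK, the planned values can be checked against the guidance in Table 1. The following is an added example, not HUAWEI CLOUD code or an Anti-DDoS API: the `Service` and `Policy` classes, the `review` function and the `SAMPLE_OPTIONS` list of selectable thresholds are assumptions made for illustration, and the real selectable values must be read from the console.

```python
from dataclasses import dataclass
from typing import List, Optional

EIP_MAX_HTTP = 5000  # maximum recommended HTTP Request Threshold for EIP (Table 1)
SAMPLE_OPTIONS = [100, 120, 150, 200, 250, 300]  # constructed; use the console's list

@dataclass
class Service:                      # hypothetical description of the protected service
    purchased_bandwidth_mbps: int
    max_http_rps: Optional[int]     # HTTP requests/s the service can process, None if not HTTP
    full_http_clients: bool         # clients support the full HTTP protocol stack
    protection: str = "EIP"         # "EIP" or "ELB"

@dataclass
class Policy:                       # hypothetical model of the dialog box fields
    cleaning_threshold_mbps: int
    cc_defense: bool
    http_request_threshold: Optional[int] = None

def best_threshold(options: List[int], bandwidth: int) -> Optional[int]:
    """Largest selectable threshold that is not greater than the purchased bandwidth."""
    fitting = [o for o in options if o <= bandwidth]
    return max(fitting) if fitting else None

def review(policy: Policy, svc: Service, options: List[int]) -> List[str]:
    """Return findings where the planned policy departs from the Table 1 guidance."""
    findings = []
    want = best_threshold(options, svc.purchased_bandwidth_mbps)
    if want is None:
        findings.append("no selectable threshold is within the purchased bandwidth")
    elif policy.cleaning_threshold_mbps != want:
        findings.append(f"set Traffic Cleaning Threshold to {want} Mbps")
    if policy.cc_defense:
        if not svc.full_http_clients:
            findings.append("clients lack the full HTTP stack: disable CC Defense")
        if policy.http_request_threshold is None:
            findings.append("HTTP Request Threshold is required when CC Defense is enabled")
        else:
            if svc.protection == "EIP" and policy.http_request_threshold > EIP_MAX_HTTP:
                findings.append(f"HTTP Request Threshold above {EIP_MAX_HTTP} for EIP")
            if svc.max_http_rps is not None and policy.http_request_threshold > svc.max_http_rps:
                findings.append("HTTP Request Threshold exceeds service capacity: "
                                "CC defense will not be triggered promptly")
    return findings

if __name__ == "__main__":
    web = Service(purchased_bandwidth_mbps=200, max_http_rps=3000, full_http_clients=True)
    for finding in review(Policy(300, True, 8000), web, SAMPLE_OPTIONS):
        print("-", finding)
```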

Disabling the Default Protection Policy Manually Configured for Newly Purchased IP Addresses

If you do not want the manually configured protection policy to apply to the new public IP addresses, you can disable it. Then, the Protection Settings in Default mode apply to the new IP addresses.

  1. Click in the upper left corner of the page and choose Security & Compliance > Anti-DDoS.
  2. Select the Public IP Addresses tab and click Set Default Protection Policy.

    Figure 3 Setting a default protection policy for newly purchased public IP addresses

  3. Select Default for Protection Settings in the Set Default Protection Policy dialog box.

    The value of Traffic Cleaning Threshold is 120 Mbps and CC Defense is disabled.

    Figure 4 Disabling the default protection policy manually configured for newly purchased IP addresses

  4. Click OK.

    The Protection Settings in Default mode will apply to the new public IP addresses.