Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

DDoS Protection Overview

What is a DDoS attack

A Distributed Denial of Service (DDoS) attack refers to an attacker remotely controlling a large number of zombie hosts through the network to send a large amount of attack requests to one or more targets, blocking the target server's network bandwidth or exhausting the target server's system resources, making it unable to respond to normal service requests.

The harm of DDoS attacks

If a DDoS attack causes business interruption or damage, it will bring huge commercial losses.
Significant economic loss: After suffering a DDoS attack, the origin server may not be able to provide services, causing users to be unable to access your business, resulting in huge economic losses and brand losses.
Data leakage: Hackers may take the opportunity to steal your core business data while launching a DDoS attack on your server.
Malicious competition: Some industries have vicious competition, and competitors may use DDoS attacks to maliciously attack your services, thereby gaining an advantage in industry competition.

DDoS protection usage scenarios

Games: The game industry is a heavy-hit area for DDoS attacks. DDoS protection can effectively ensure the availability and continuity of games, guarantee a smooth experience for game players, and escort and protect activities, new game releases, or holiday game revenue peak periods to ensure the normal operation of the game business.
Internet: Ensure the smooth access of Internet web pages, uninterrupted normal business, and provide security escort for major events such as e-commerce promotions.
Finance: Meet the compliance requirements of the financial industry and ensure the real-time and security stability of online transactions.
Government: Meet the security needs of national government cloud construction standards, provide security guarantees for major conferences, events, and sensitive periods, ensure the normal availability of people's livelihood services, and maintain government credibility.
Enterprise: Ensure the continuous availability of enterprise site services, avoid economic and corporate brand image loss problems caused by DDoS attacks, and save security costs with zero hardware and zero maintenance.

EdgeOne DDoS Protection

DDoS Protection Scope

EdgeOne provides and enables protection against L3/L4 traffic-based DDoS attacks for all connected businesses. It monitors the network traffic in real time and performs traffic cleaning and filtering immediately after a DDoS attack is detected. The DDoS protection feature offers preset protection policies based on attack profiles, behavior pattern analysis, AI intelligent recognition, and other protection algorithms to detect and filter the following types of DDoS attacks.
Protection classification
Description
Malformed message filtering
Filter frag flood, smurf, stream flood, land flood attacks, filter IP malformed packets, TCP malformed packets, UDP malformed packets.
Network layer DDoS attack protection
Filter UDP Flood, SYN Flood, TCP Flood, ICMP Flood, ACK Flood, FIN Flood, RST Flood, DNS/NTP/SSDP reflection attacks, empty connections.
DNS DDoS attack
DNS DDoS attacks mainly include DNS Request Flood, DNS Response Flood, fake source + real source DNS Query Flood, Authoritative server attack, and Local server attack.
Connection-based DDoS attack
Connection-based DDoS attacks mainly refer to TCP slow connection attacks, Connection flood attacks, Loic, Hoic, Slowloris, Pyloris, Xoic, and other slow attacks.

DDoS Protection Specifications

The default protection specification of the EdgeOne platform provides basic DDoS protection capabilities and resources for all businesses connected to EdgeOne, enabling basic protection for most site businesses and TCP/UDP applications in daily use. On this basis, for businesses that have an expected higher risk of severe DDoS attacks, need to maintain long connections, or require customized traffic control policies, EdgeOne offers exclusive DDoS protection solutions that meet the corresponding traffic filtering needs. The specific specifications are as follows:
Feature Name
Default Platform Protection
Exclusive DDoS Protection
Automatic detection and cleaning of L3/L4 attacks1
Exclusive access IP address
-
Dedicated bandwidth resources for DDoS protection2
-
Exclusive cleaning center resources
-
Supporting custom traffic filtering policies3
-
Supports configuring the following traffic filtering policies:
IP blocking
Region blocking
Protocol blocking
Port filtering
Traffic feature filtering
Connection-based attack filtering
Note:

Note 1
: By default, automatic cleaning and protection is performed only for the attack traffic exceeding 100 Mbps (the attack traffic is based on traffic statistics of a single region and the threshold is for reference only. Please refer to actual protection).

Note 2:
The default platform protection does not guarantee the resource capacity for DDoS protection. If your business has experienced traffic-based DDoS attacks, please consider selecting an appropriate specification of exclusive DDoS protection and reserving dedicated protection resources to ensure the business availability.

Note 3:
Custom traffic filtering policies are only supported for L4 proxy instances with exclusive DDoS protection enabled. For sites accessed through the domain name, network traffic filtering is not supported. If you need to filter accessing clients, please use Web Protection - Custom Rules.
Note 4: The attack traffic cleaned by DDoS protection is not billed. For details, refer to About "clean traffic" billing instructions. For the billing mode of the traffic cleaned by exclusive DDoS protection, refer to Dedicated DDoS Mitigation Fee (Pay-as-You-Go).
Note 5: The actual protection capacity of the DDoS protection feature is dynamically adjusted based on the actual capacity and resource allocation of the infrastructure. When the scale of a DDoS attack exceeds the protection capacity of the EdgeOne infrastructure, EdgeOne will implement mitigation measures including (but not limited to) traffic scheduling, traffic throttling, and access blocking to ensure the infrastructure stability.

EdgeOne Exclusive DDoS protection introduction

Applicable Scenarios

Exclusive DDoS protection is an enhanced DDoS protection paid feature launched by EdgeOne, providing exclusive access to the cleaning center. When the platform's default protection cannot meet the smooth operation of your business, you can use Exclusive DDoS protection to help protect your business's normal operation. After Exclusive DDoS protection is enabled, it will provide your business with protection resources including the cleaning centers for traffic cleaning, and provide the promised protection bandwidth value according to the guaranteed protection capacity and elastic protection capacity you purchased.
Note:
Exclusive DDoS protection can only be subscribed to by EdgeOne Enterprise plan.

Capability introduction

1. The default access node uses the cleaning center, providing greater DDoS protection capabilities, up to T-level.
2. Promised protection capacity, flexible selection of Global (MLC excluded), Chinese mainland, and Global protection specs according to business deployment.
3. In addition to the automatic cleaning and recognition mechanism, EdgeOne DDoS protection can provide diversified and flexible custom DDoS protection strategies according to your business protection needs. You can flexibly set them according to the special characteristics of your business to deal with constantly changing attack methods. For L4 proxy instances, the following custom rule configuration capabilities are supported:
Note:
When a request matches multiple rules at the same time, it is processed in the following rule order.
Protection module
Configurations
Limit access to EdgeOne sites by matching IP blocklist/allowlist in DDoS attacks.
Limit access to EdgeOne sites within a specified port range by customizing port rules in DDoS attacks.
Allow users to access EdgeOne sites only through specified protocols.
Support protection against connection-based attacks and automatically block clients with abnormal connection behavior.
Support custom blocking policies for IP, TCP, and UDP message headers or payloads in DDoS attacks.
Limit access to EdgeOne sites by matching regions in DDoS attacks.