Edge Security
  • DDoS and Web Protection
    • Overview
    • DDoS Protection
      • DDoS Protection Overview
      • Exclusive DDoS Protection Usage
      • Configuration of Exclusive DDoS protection Rules
        • Increase DDoS Protection Level
        • Configuration IP blocklist/allowlist
        • Configuration Region Blocking Rule
        • Configuration Port Filtering
        • Configuration Features Filtering
        • Configuration Protocol Blocking Rule
        • Configuration Connections Attack Protection
        • Exclusive DDoS Traffic Alarm
        • Related References
          • DDoS Protection Processing Order
          • Action
          • Related Concepts Introduction
      • Related References
        • DDoS Protection Console Update (2026-01-12)
    • Web Protection
      • Overview
      • Configuring Web Protection Policy
      • Custom rule
      • Rate Limiting
        • Bandwidth Abuse Protection
        • CC attack defense
        • Custom Rate Limiting Rules
      • Hosting Rules
        • Managed rules
        • High-Frequency Scan Protection
      • Exception Rules
      • Managed Custom Rules
      • Web security monitoring alarm
      • Related References
        • Web Protection Request Processing Order
        • Action
        • Match Condition
    • Bot Management
      • Overview
      • AI Crawler Control
      • Bot Intelligent analysis
      • Bot Basic Feature Management
      • Client Reputation
      • Active Detection
      • Custom Bot Rule
      • Client authentication (Beta)
        • Overview
        • Attestation Flow
        • Integration Guidelines
          • Step 1: Configure Authentication Method
          • Step 2: Integrate Client Authentication
            • Browser & WebView Integration
            • iOS Integration
            • iOS Integration
            • Mobile Integration References
          • Step 3: Configure Client Attestation Rules
          • Step 4: Verify Client Attestation
      • Related References
        • Action
    • API Discovery(Beta)
Docs Overview/
Edge Security/
DDoS and Web Protection/
DDoS Protection/
DDoS Protection Overview/

DDoS Protection Overview

What Is a DDoS Attack

A Distributed Denial of Service (DDoS) attack refers to an attacker remotely controlling a large number of zombie hosts through the network to send a large amount of attack requests to one or more targets, blocking the target server's network bandwidth or exhausting the target server's system resources, making it unable to respond to normal service requests.

The Harm of DDoS Attacks

If a DDoS attack causes business interruption or damage, it will bring huge commercial losses.
Significant economic loss: After suffering a DDoS attack, the origin server may not be able to provide services, causing users to be unable to access your business, resulting in huge economic losses and brand losses.
Data leakage: Hackers may take the opportunity to steal your core business data while launching a DDoS attack on your server.
Malicious competition: Some industries have vicious competition, and competitors may use DDoS attacks to maliciously attack your services, thereby gaining an advantage in industry competition.

DDoS Protection Usage Scenarios

Games: The game industry is a heavy-hit area for DDoS attacks. DDoS protection can effectively ensure the availability and continuity of games, guarantee a smooth experience for game players, and escort and protect activities, new game releases, or holiday game revenue peak periods to ensure the normal operation of the game business.
Internet: Ensure the smooth access of Internet web pages, uninterrupted normal business, and provide security escort for major events such as e-commerce promotions.
Finance: Meet the compliance requirements of the financial industry and ensure the real-time and security stability of online transactions.
Government: Meet the security needs of national government cloud construction standards, provide security guarantees for major conferences, events, and sensitive periods, ensure the normal availability of people's livelihood services, and maintain government credibility.
Enterprise: Ensure the continuous availability of enterprise site services, avoid economic and corporate brand image loss problems caused by DDoS attacks, and save security costs with zero hardware and zero maintenance.

EdgeOne DDoS Protection

After connecting your business to EdgeOne, you'll automatically receive standard DDoS protection, sufficient for most websites and TCP/UDP applications. For businesses at higher risk of DDoS attacks or requiring custom protection rules configuration, EdgeOne DDoS protection product offers a DDoS Defender plan.
Note:
For specific protection capabilities, please refer to the DDoS Protection Capacity Description.

DDoS Protection Scope

EdgeOne provides and enables protection against L3/L4 traffic-based DDoS attacks for all connected businesses. It monitors the network traffic in real time and performs traffic cleaning and filtering immediately after a DDoS attack is detected. The DDoS protection feature offers preset protection policies based on attack profiles, behavior pattern analysis, AI intelligent recognition, and other protection algorithms to detect and filter the following types of DDoS attacks.
Protection classification
Description
Malformed message filtering
Filter frag flood, smurf, stream flood, land flood attacks, filter IP malformed packets, TCP malformed packets, UDP malformed packets.
Network layer DDoS attack protection
Filter UDP Flood, SYN Flood, TCP Flood, ICMP Flood, ACK Flood, FIN Flood, RST Flood, DNS/NTP/SSDP reflection attacks, empty connections.
DNS DDoS attack
DNS DDoS attacks mainly include DNS Request Flood, DNS Response Flood, fake source + real source DNS Query Flood, Authoritative server attack, and Local server attack.
Connection-based DDoS attack
Connection-based DDoS attacks mainly refer to TCP slow connection attacks, Connection flood attacks, Loic, Hoic, Slowloris, Pyloris, Xoic, and other slow attacks.