Overview
Menu

Exclusive DDoS Traffic Alarm

The DDoS attack traffic alert function allows users to set custom attack traffic rate alert thresholds for DDoS protection instances. When the detected attack traffic rate exceeds the set threshold, the system will send an alert notification to help users understand and respond to potential DDoS attacks in a timely manner. Upon receiving the attack traffic rate alert, users should pay attention to the operation of their business, refer to the number of connections, visitor volume, normal session count, and other normal business indicators, combined with the number of online users and other business indicators, to evaluate the health of their business and determine whether it is affected by a DDoS attack.
Note:
This function is only applicable to users who have subscribed to a separate DDoS protection instance, and the alert is only for L3/L4 (network layer) attack traffic rates.

Scenario: Configure alert thresholds for L4 proxy standalone DDoS protection instances

Example Scenario

A game client's current business has purchased a standalone DDoS protection capability for L4 proxy service, with a guaranteed protection capacity of 30,000 Mbps. When encountering a DDoS attack traffic exceeding 20,000 Mbps, the client needs to be informed and pay attention in advance so that they can take measures to upgrade their protection capability in time to avoid affecting the normal access of their business.

Directions

1. Log in to the EdgeOne console, click on the site list in the left menu bar, click on the site to be configured in the site list, and enter the site details page.
2. On the site details page, click on security protection > notification push, and enter the notification push details page.
3. In the DDoS attack traffic alert card, click on the setting.
4. In the alert configuration page, for the current scenario, you can select the L4 proxy instance you need to configure, enable the custom threshold switch, click on edit, modify the alert threshold to 20000 Mbps, and click save to take effect.
Note:
The default alert domain is effective for all business types. If you need to customize the alert threshold, you need to enable the custom threshold switch.




Related Reference

Monitoring Range

The monitoring range of the DDoS attack traffic alert function is corresponding to the IP. In actual operation, multiple domain services may use the same protection instance IP, so the alert is for the protection instance, not the specific domain.
The set alert threshold is only for the detected attack traffic rate, not the total business traffic rate.

Trigger Method

Note:
The attack traffic rate alert is based on the instantaneous peak, while the attack traffic rate trend chart on the console is based on the minute dimension average, so there may be differences when comparing the two.
The DDoS attack traffic alert function uses the attack traffic rate instantaneous peak as the statistical method, with the unit being Mbps. The alert function monitors the traffic situation of the protection instance, and when the attack traffic rate reaches or exceeds the user-set threshold, it sends an alert notification.