DDoS Protection Processing Order
DDoS protection provides flexible DDoS custom protection policy for your business protection needs. You can configure flexible policies based on special business characteristics to handle ever-changing attack techniques. For layer 4 proxy instances, it supports the following custom rule configuration capability:
Protection Module | Feature Description |
Limit access to EdgeOne sites via IP blocklist and allowlist match when attacking. | |
Limit access to EdgeOne sites by restricting specified ports with custom port rules during DDoS attacks. | |
Configurable to only allow users through specified protocol to access EdgeOne site. | |
Support for protection against connection-based attacks, with auto-block for clients showing abnormal connect behavior. | |
Support custom policies targeting the characteristics of IP, TCP, and UDP packet headers or payloads in DDoS attacks. | |
Limit access to EdgeOne sites via matching region in DDoS attacks. |
Note:
1. L3/4 DDoS protection policies are only available for L4 proxy instances with advanced or ultimate protection levels. They cannot be configured for other scenarios.
2. When access traffic matches policies of multiple protection modules at the same time, EO will process them by the module order shown in the table.