
Standalone DDoS Attack Traffic Alerts

The DDoS attack traffic alert function lets users set a custom attack traffic rate alert threshold for each DDoS protection instance. When the detected attack traffic rate exceeds the threshold, the system sends an alert notification so that users can understand and respond to potential DDoS attacks promptly. On receiving an attack traffic rate alert, check how the business is running: compare the number of connections, visitor volume, normal session count and other normal business indicators, together with the number of online users, to evaluate the health of the business and determine whether it is affected by a DDoS attack.
Note:
This function is available only to users who have subscribed to a standalone DDoS protection instance, and alerts cover only L3/L4 (network layer) attack traffic rates.

Scenario: Configure alert thresholds for L4 proxy standalone DDoS protection instances

Example Scenario

A game customer has purchased standalone DDoS protection for its L4 proxy service, with a guaranteed protection capacity of 30,000 Mbps. When DDoS attack traffic exceeds 20,000 Mbps, the customer needs to be notified in advance so that it can upgrade its protection capability in time and avoid any impact on normal access to its business.

Directions

1. Log in to the EdgeOne console, click the site list in the left menu bar, then click the site to be configured to enter the site details page.
2. On the site details page, click Security > Alarm Notification to enter the details page.
3. In the DDoS alarms card, click Set.
4. On the alert configuration page, select the L4 proxy instance you need to configure, enable the custom threshold switch, click Edit, change the alert threshold to 20000 Mbps, and click Save for the change to take effect.
Note:
The default alert threshold applies to all business types. To customize the alert threshold, enable the custom threshold switch.




Related Reference

Monitoring Range

The DDoS attack traffic alert function monitors traffic per protection instance IP. In practice, multiple domain services may share the same protection instance IP, so an alert refers to the protection instance, not to a specific domain.
The alert threshold applies only to the detected attack traffic rate, not to the total business traffic rate.

Trigger Method

Note:
The attack traffic rate alert is based on the instantaneous peak, while the attack traffic rate trend chart in the console shows per-minute averages, so the two may differ when compared.
The DDoS attack traffic alert function uses the instantaneous peak of the attack traffic rate as its statistic, in Mbps. It monitors the traffic of the protection instance and sends an alert notification when the attack traffic rate reaches or exceeds the user-set threshold.
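
The following added example (not EdgeOne code) works through why an alert can arrive while the console chart stays under the threshold, using the scenario's 20,000 Mbps threshold and 30,000 Mbps guaranteed capacity. The per-second sampling interval, the function names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

ALERT_THRESHOLD_MBPS = 20000   # custom threshold from the example scenario
GUARANTEED_MBPS = 30000        # guaranteed protection capacity from the scenario

def reconcile(samples, threshold=ALERT_THRESHOLD_MBPS, capacity=GUARANTEED_MBPS):
    """Compare the alert view (instantaneous peak) with the chart view (minute average).

    samples: iterable of (epoch_second, attack_mbps). Per-second sampling is
    an assumption; the page does not state the sampling interval.
    """
    buckets = defaultdict(list)
    for ts, mbps in samples:
        buckets[ts - ts % 60].append(mbps)      # group samples by minute
    rows = []
    for minute in sorted(buckets):
        vals = buckets[minute]
        peak = max(vals)
        avg = sum(vals) / len(vals)
        rows.append({
            "minute": minute,
            "peak_mbps": peak,
            "avg_mbps": round(avg, 1),
            "alert_fires": peak >= threshold,         # "reaches or exceeds"
            "chart_over_threshold": avg >= threshold,
            "headroom_mbps": capacity - peak,         # margin to guaranteed capacity
        })
    return rows

def mismatched_minutes(rows):
    """Minutes where an alert was sent but the averaged chart stays under the threshold."""
    return [r["minute"] for r in rows
            if r["alert_fires"] and not r["chart_over_threshold"]]

# Constructed sample data: a quiet minute, a minute with a 5-second burst,
# and a minute of sustained attack traffic.
SAMPLES = (
    [(t, 500) for t in range(0, 60)]
    + [(t, 24000 if 70 <= t < 75 else 1000) for t in range(60, 120)]
    + [(t, 22000) for t in range(120, 180)]
)

if __name__ == "__main__":
    rows = reconcile(SAMPLES)
    for r in rows:
        print(r)
    print("alert without chart crossing:", mismatched_minutes(rows))
```

In the burst minute the peak crosses the threshold while the minute average stays far below it, which is the discrepancy the note above describes.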