Viewing Instance Details

Last updated: 2019-11-13 16:25:35

PDF

Basic Information

Log in to Anti-DDoS Console, choose Anti-DDoS Pro -> **Protection Configuration, and select the target instance from the drop-down list. You can view the basic information of the instance in the Instance Information area.

Instance Name

Name of the Anti-DDoS Pro instance. It is used to identify and manage Anti-DDoS Pro instances. The length is 1-20 characters. You can set the instance name as required. For more information, please see Setting Instance Name.

Region

The Region you select when you purchase the Anti-DDoS Pro instance.

Binding IPs

The actual business IPs protected by the Anti-DDoS Pro instance.

Base Protection Bandwidth

Base protection bandwidth of the Anti-DDoS Pro instance, that is, the base protection bandwidth you select when you purchase the instance. If the elastic protection is disabled, the base protection bandwidth is the maximum bandwidth of the Anti-DDoS Pro instance.

Status

Current status of the Anti-DDoS Pro instance, including Running, Cleansing, and Blocked.

Expiration Time

It is calculated according to the selected Purchase Duration when you purchase the instance and the order submit time. The expiration time is accurate to second. Tencent Cloud will inform the account creator and related cooperators of the expiration and renewal information through internal messages, SMSs, and emails 7 days before the actual expiration date.

Elastic Protection Information

Log in to Anti-DDoS Console, choose Anti-DDoS Pro -> **Protection Configuration, and select the target instance from the drop-down menu. You can view the elastic protection information of the instance in the Elastic Protection section.

Status

Specifies whether the elastic protection is enabled. If the elastic protection is not enabled when you purchase the Anti-DDoS Pro instance, you can enable it during usage. For more information, please see Configuring Elastic Protection.

Elastic Bandwidth

The maximum elastic protection bandwidth of the Anti-DDoS Pro instance. You can adjust the elastic protection bandwidth as required.

This parameter item is visible only when the elastic protection is enabled.

Anti-DDoS Protection

Log in to Anti-DDoS Console, choose Anti-DDoS Pro -> Protection Configuration, and select the target instance from the drop-down menu. You can view the anti-DDoS protection policy of the instance in the DDoS Protection section.

Protection Status

Specifies whether the DDoS protection is enabled. It is enabled by default. If you disable DDoS protection, your server may crash due to DDoS attacks.

Cleansing Threshold

The threshold for Anti-DDoS Pro to execute cleansing operations. If the traffic is under the threshold, the cleansing operation is not executed even if attacks are detected.

If you know the threshold, see Configuring the Cleansing Threshold and Protection Level to set a threshold. If you do not know the threshold, the anti-DDoS protection system will automatically learn through AI algorithms and generate the default threshold for you.

Protection Level

The protection levels include Loose, Normal, and Strict. The default level is Normal. You can customize the protection level as required. For more information, please see Configuring the Cleansing Threshold and Protection Level.
The following table details the operations for each level.

Protection Level Protection Operation Description
Loose
  • Filters SYN and ACK data packets with explicit attack attributes.
  • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification.
  • Filters UDP data packets with explicit attack attributes.
The cleansing policy is loose and only protects against explicit attack packets.
You are advised to enable it when normal requests are misblocked. Attack packets may pass through the security system in case of complex attacks.
Normal
  • Filters SYN and ACK data packets with explicit attack attributes.
  • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol.
  • Filters UDP data packets with explicit attack attributes.
  • Filters common attack UDP data packets.
  • Actively verifies the source IPs of some access attempts.
The cleansing policy applies to most services and effectively protects against common attacks.
The normal mode is configured by default.
Strict
  • Filters SYN and ACK data packets with explicit attack attributes.
  • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
  • Filters UDP data packets with explicit attack attributes.
  • Filters common attack UDP data packets.
  • Actively verifies the source IPs of some access attempts.
  • Filters ICMP attack packages.
  • Filters common UDP attack data packets.
  • Strictly checks UDP data packets.
The cleansing policy is strict. You are advised to enable it when pass-through attacks occur under the normal mode.

If your business needs to use UDP protocol, you are advised to contact Tencent Cloud Technical Support to formulate a policy to avoid impact on business operations when in strict mode.

Scenarios

Anti-DDoS Pro supports scenarios settings. After you create a scenario, the backend collects, identifies, and automatically generates an advanced protection policy to implement flexible configuration or maintain the protection policy. For more information, please see Configuring Scenarios.

Advanced Policy

Anti-DDoS Pro provides advanced protection policies against DDoS attacks. You can adjust and optimize the anti-DDoS protection policy as required through blacklists/whitelists, disabling protocols and ports, packet feature filtering policies, and null session protection. For more information about how to add and manage advanced policies, please see Managing DDoS Advanced Protection Policies.

Alarm Threshold of DDoS Attacks

The triggering threshold for the system to push alarm messages in the event of DDoS attacks. When the detected alarm metric is under the threshold, the system will not push alarm messages to specified users in the event of DDoS attacks.