Anti-DDoS Pro supports the CC protection function. When the HTTP request amount calculated by Anti-DDoS Pro exceeds the set HTTP Request Threshold, CC protection is automatically triggered. Meanwhile, Anti-DDoS Pro supports URL allowlist, IP allowlist, and IP blocklist policies:
You can custom the protection policy according to the features and protection needs of your business to block CC attacks more accurately.
The custom policy takes effect only when Anti-DDoS Pro is under attack.
Match mode: Each custom policy may have up to 4 conditions for feature control, and these conditions have “and” relation, which means all conditions must be matched before the policy takes effect.
Speed limit mode: Each custom policy only allows for setting 1 policy condition.
Enter policy name, which consists of 1-20 characters. Character type is not restricted.
Match Mode: When it detects requests matched the corresponding HTTP field, it will block the request or require human-machine recognition.
Speed Limit Mode: Limits the speed of source IP access.
When you select Match Mode, it supports a combination of multiple features such as
User-Agent from HTTP messages. The combination logic includes contain, not contain, and equal to. You can set up to 4 policy conditions for feature control as described below:
|host||Domain name of the access request||contain, not contain, equal to|
|CGI||URL of the access request||contain, not contain, equal to|
|Referer||Source website of the access request, which means at which webpage the access request is generated||contain, not contain, equal to|
|User-Agent||Information like browser identifier of the requester client||contain, not contain, equal to|
When you select Speed Limit Mode, you limit the speed of each source IP access. You are allowed to set only one policy condition.
When you add a URL to the Anti-DDoS Pro allowlist, the HTTP protocol header is optional. But Anti-DDoS Pro supports only HTTP protocol. Example: