International
中国站
Console
PrevNext
search by keyword

Recent Pages

Documentation
Anti-DDoS Pro
    Documentation
    Download PDF

    Protection Level and Cleansing Threshold

    Last updated: 2021-01-06 18:32:10
    Download PDF

      This document introduces the use cases of different protection levels and the actions Anti-DDoS Pro takes to defend against DDoS attacks. You can follow this guide to set the DDoS protection levels in the console.

      Use Cases

      Anti-DDoS Pro provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:

      Protection Level Protection Action Description
      Loose
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
    • This cleansing policy is loose and only defends against explicit attack packets.
    • We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system.
      		•
      Medium
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
      • Filters common UDP-based attack packets.
      • Actively verifies the source IPs of some access attempts.
    • This cleansing policy is suitable for most businesses and capable of defending against common attacks.
    • The level Medium is chosen by default.
      		•
      Strict
      • Filters SYN and ACK data packets with explicit attack attributes.
      • Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.
      • Filters UDP data packets with explicit attack attributes.
      • Filters common UDP-based attack packets.
      • Actively verifies the source IPs of some access attempts.
      • Filters ICMP attack packets.
      • Filters common UDP attack data packets.
      • Strictly checks UDP data packets.
      		 This cleansing policy is strict. We recommend choosing this level when attack packets pass through the security system on Normal mode.

      Note:

      • If you need to use UDP in your business, please contact sales to customize an ideal policy for not letting the level Strict affect normal business process.
      • The level Medium is chosen by default in each Anti-DDoS Pro instance.

      Prerequisites

      You have successfully purchased an Anti-DDoS Pro instance and set the protected target.

      Directions

      1. Log in to the DDoS console and click Anti-DDoS Pro (New) -> Configurations on the left sidebar.
      2. Select an Anti-DDoS Pro ID from the left list, e.g., bgp-000000iu, and then open the IP and Port Protection tab.
      3. Choose a protection level in the DDoS Protection Level section.

      Was this page helpful?

      Confirm

      Was this page helpful?

      • Not at all
      • Not very helpful
      • Somewhat helpful
      • Very helpful
      • Extremely helpful
      Send Feedback
      Hide
      Submit a TicketContact Us
      Help
      tencent
      Copyright © 2013-2021 Tencent Cloud. All Rights Reserved.
      Privacy PolicyTerms of ServiceCookie Policy