This guide describes protection levels the Anti-DDoS Pro provides in different scenarios and how to set them in the console.
Use Cases
Anti-DDoS Pro provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:
Protection Level | Protection Action | Description |
---|
Loose | Filters SYN and ACK data packets with explicit attack attributes.Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.Filters UDP data packets with explicit attack attributes. | This cleansing policy is loose and only defends against explicit attack packets.We recommend choosing this protection level when normal requests are blocked. Complex attack packets may pass through the security system. |
Protection Level | Protection Action | Description |
---|
Medium | Filters SYN and ACK data packets with explicit attack attributes.Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.Filters UDP data packets with explicit attack attributes.Filters common UDP-based attack packets.Actively verifies the source IPs of some access attempts. | Medium is the default level.This cleansing policy is suitable for most businesses and capable of defending against common attacks. |
Protection Level | Protection Action | Description |
---|
Strict | Filters SYN and ACK data packets with explicit attack attributes.Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specifications.Strictly checks and filters UDP data packets with explicit attack attributes and UDP-based attack packets.Actively verifies the source IPs of some access attempts.Filters ICMP attack packets. | This cleansing policy is strict. We recommend choosing this level when attack packets pass through the security system on Normal mode. |
Note:
- If you need to use UDP in your business, please contact Tencent Cloud Technical Support to customize an ideal policy for not letting the level Strict affect normal business process.
- The level Medium is chosen by default in each Anti-DDoS Pro instance.
- The real server may suffer seconds of attacks in the following situations:
- It happens when you are changing the protection level.
- It happens when you are connecting to Anti-DDoS Pro.
Prerequisites
You have successfully purchased an Anti-DDoS Pro instance and set the protected target.
Directions
- Log in to the new Anti-DDoS console and select Anti-DDoS Pro (New) > Configurations on the left sidebar. Open the DDoS Protection tab.
- Select an Anti-DDoS Pro instance ID in the list on the left, such as "bgp-00xxxxxx".
- Choose a protection level in the DDoS Protection Level section.
Was this page helpful?