IP Access Limit Configuration
Last updated: 2019-09-26 12:26:55PDF
CDN supports configuring the IP access frequency limit to protect against CC attacks by limiting the number of access requests per second to a node allowed for a client. After the configuration is enabled, a 514 error will be returned for requests that exceed the QPS limit. Setting a lower limit may affect the use of your business by normal high-frequency users. Please set the limit according to your actual business needs.
Viewing the Configuration
- Log in to the CDN Console and click Domain Management on the left sidebar to enter the management page.
- In the list, find the row of the domain to be edited and click Manage in the operation column.
- Click the Access Control tab and configure the IP Access Limits module.
The “IP access limits” is disabled by default.
Modifying the IP Access Limits
- In the IP Access Limits module, toggle the switch on. After that, the system will recommend a limit based on the average single-IP access requests in the last 30 days, which can be viewed in the IP Access Limit field below.
The default limit is calculated as follows: The number of access requests by a single IP at each of the 288 statical points per day (one point per 5 minutes) is calculated, and the 30 highest values in the last 30 days are averaged as the default limit. The default minimum limit is 10 QPS and for reference only. It is recommended to set it based on your business fluctuations.
- Click Edit.
- Set the IP access limit and click OK.
If the domain name
www.test.com is configured with the following IP access limit:
- If a user with IP
18.104.22.168requests the resource
http://www.test.com/1.jpgfor 11 times in one second, and all the access requests are made to one server on the CDN cache node A, then there will be 11 access logs generated on this server, one of which exceeds the QPS limit, and the status code “514” will be returned.
- If a user with IP
22.214.171.124requests the resource
http://www.test.com/1.jpgfor 11 times in one second, and the access requests are evenly distributed on multiple CDN cache nodes, then each node will return the content normally.