IP Access Limit Configuration
Last updated: 2019-12-02 15:41:57PDF
CDN supports configuring the IP access frequency limit to protect against CC attacks by limiting the number of access requests per second to a node allowed for a client. After the configuration is enabled, a 514 error will be returned for requests that exceed the QPS limit. Setting a lower limit may affect the normal usage of high-frequency users. Please set the limit according to your actual business needs.
Viewing the Configuration
- Log in to the CDN Console and click Domain Management on the left sidebar to enter the management page.
- Find the domain name you want to edit and click Manage in the operation column.
- Click the Access Control tab and configure the IP Access Limits module.
The “IP Access Limits” feature is disabled by default.
Modifying the IP Access Limits
- Go to the IP Access Limits module and toggle the switch on. The system will automatically input a default limit based on the average single-IP access requests in the last 30 days. You can view this limit in the IP Access Limit field below.
The default limit is calculated as follows: The number of access requests by a single IP at each of the 288 statical points per day (one point per 5 minutes) is calculated, and the 30 highest values in the last 30 days are averaged as the default limit. The default minimum limit is 10 QPS and for reference only. We recommend setting the limit based on your business fluctuations.
- Click Edit.
- Set the IP access limit and click OK.
If the domain name
www.test.com is configured with the following IP access limit:
- If a user with IP
188.8.131.52requests the resource
http://www.test.com/1.jpgfor 11 times in one second, and all the access requests are made to one server on the CDN cache node A, then there will be 11 access logs generated on this server, one of which exceeds the QPS limit, and the status code “514” will be returned.
- If a user with IP
184.108.40.206requests the resource
http://www.test.com/1.jpgfor 11 times in one second, and the access requests are evenly distributed on multiple CDN cache nodes, then each node will return the content.