Aegis Anti-DDoS

Specialized and effective protection against DDoS attacks at the Tbps level to ensure business continuity


Leveraging Tencent's over a decade of experience in security accumulated from various lines of business like QQ, WeChat and Honor of Kings and utilizing the resource strengths of Tencent Cloud's extensive deployment in China and worldwide, Aegis Anti-DDoS offers comprehensive, effective and specialized protection against DDoS attacks at the Tbps level. With the aid of a smart AI engine, it continuously optimizes multi-dimensional algorithms such as protection policies, IP profiling, behavior pattern analysis and cookie challenges for real-time protection, detects business traffic fast and accurately, and responds to a variety of DDoS and CC attacks in a flexible manner, seamlessly ensuring the healthy operation and growth of your business.


Comprehensive Protection

DDoS attacks are carried out using various complex and ever-changing methods, leaving weak business links extremely vulnerable to attacks. Aegis Anti-DDoS can efficiently cope with bandwidth-congestion attacks such as SYN and UDP floods. In addition, it effectively protects against simulated application protocol, null session and CC attacks, providing systematic and comprehensive protection across all links of the business chain as a whole.

Dedicated Clusters

High-traffic DDoS attacks are continuing to break records of volumes. Aegis Anti-DDoS boasts dedicated clusters for various links such as business detection, traffic cleansing and traffic forwarding, providing you with highly reliable, high-quality, specialized and effective security protection services.

High Cost Performance

It is difficult to predict DDoS attacks, with a breach possible at any time. Aegis Anti-DDoS uses a billing model based on the combination of base protection and elastic protection, reducing your daily expenses and allowing you to utilize on-demand elastic protection in a pay-per-use manner. This ensures that you are being provided with a protection solution with high cost performance and minimal costs.

Flexible Policies

In response to ever-changing attack techniques, you need flexible defense countermeasures. Aegis Anti-DDoS is capable of advanced policy configurations for advanced security, CC protection, watermark protection and much more. You can continuously optimize the policy configuration based on your business characteristics to effectively defend against attacks.

Easy Access

When faced with a sudden attack, you need quick access to high-defense services to minimize losses. Aegis Anti-DDoS' high-defense IP enables protective domain name that is immediately accessible via CNAME. Easily configurable and accessible DDoS high-defense packet provides direct protection capabilities to Tencent Cloud public IPs.

Adequate Resources

Relying on the global deployment of Tencent Cloud, Aegis Anti-DDoS is readily available to protect cross-regional and international businesses. Its protective resources at the Tbps level have already become available in Mainland China and will soon be launched in overseas regions such as Southeast Asia, North America and Europe. The global deployment of your business can now be protected with confidence and ease.


Aegis Anti-DDoS offers a variety of powerful features to build an all-around security protection system for your business.
DDoS High-defense IP

DDoS high-defense IP uses proxy forwarding mode in which the traffic first accesses the high-defense IP and then is forwarded to the origin server, achieving DDoS protection for the origin server. The traffic can be immediately directed to the high-defense IP or connected to the high-defense IP using the free protective domain name through CNAME. The protective domain name supports smart resolution, so you can configure the high-defense IP from China Telecom, China Unicom and China Mobile to achieve wider user coverage. Traffic forwarding is realized by configuring port forwarding rules. The unique rule group design makes it easy to batch bind high-defense IPs. You can configure forwarding to public IPs or Tencent Cloud Virtual Machine private IPs.


DDoS High-defense IP

DDoS high-defense IP enables protection in proxy forwarding mode. You can configure forwarding rules for protocols and ports to prevent DDoS attacks with the aid of high-defense IP behind which the origin server is secured. It enjoys large bandwidth from China Mobile, China Unicom and China Telecom and BGP network protection capabilities.

DDoS High-defense Packet

This easily configurable and accessible feature provides immediate protection of Tencent Cloud public IPs. Protective resources can be utilized exclusively by a single IP or jointly by multiple IPs. Appropriate packages can be flexibly selected for different types of risks.

Advanced Policies

Attack techniques such as simulating and retransmitting packets use zombie computers to impersonate business clients. This renders conventional protection policies much more penetrable. By configuring policies for advanced security, CC protection and watermark protection, you can rest assured that not one illegal packet will get through.


Tencent Cloud Aegis Anti-DDoS uses a mixed billing model where peak bandwidth for base protection is prepaid on a monthly basis, while peak bandwidth for elastic protection and forwarded traffic are postpaid on a daily basis. You can set the peak bandwidth for base protection to slightly higher than that of frequent attack traffic and set the peak bandwidth for elastic protection to higher than that of the highest historical attack traffic.
Elastic protection can be enabled free of charge. After enabled, it will not be used if the peak attacking traffic doesn't exceed the peak bandwidth for base protection and no charges will be incurred. Otherwise, the exceeding part will fall into the corresponding price range for billing. On one single day, the charge will be calculated only once based on the maximum usage, and multiple attacks will not result in multiple charges. Forwarded traffic can be billed by bandwidth or traffic according to traffic characteristics. If billed by bandwidth, the daily calculation basis is the bandwidth minus 5% of the peak bandwidth.