tencent cloud

Anti-DDoS

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Overview
Strengths
Use Cases
Concepts
Blocking Policies
Relevant Products
Comparison of Anti-DDoS Solutions
Purchase Guide
Billing Overview
Purchase Directions
Getting Started
Anti-DDoS Pro
Anti-DDoS Advanced
Operation Guide
Operation Overview
Protection Overview
Usage Limits
Asset Center
Business Connection
Smart Scheduling
Protection Configuration
Security Operations
Service Management
Practical Tutorial
Remote Protection Scheme with Anti-DDoS Pro
Using Anti-DDoS Pro Together with WFA
Suggestions on Stress Tests
Solutions to Real Server IP Exposure
Creating an Anti-DDoS EIP
Configuration Directions and Notes on CC Protection Policies
Syncing Forwarding Rules to New Anti-DDoS Advanced Instances
‌Smart Scheduling of CTCC/CUCC/CMCC Traffic
Troubleshooting
Business IPs Blocked Due to High-traffic Attacks
‌Business IPs Blocked When DDoS Attack Traffic Doesn't Reach the Threshold
How to Fix a 502 Bad Gateway Error
"No ICP filing" Prompted During Domain Name Connection
A public IP suffered DDoS attacks
API Documentation
History
Introduction
API Category
Making API Requests
Anti-DDoS Advanced Instance APIs
Resource List APIs
Protection Configuration APIs
Other APIs
Alarm Notification APIs
Connection Configuration APIs
Intelligent Scheduling APIs
Black hole unblocking APIs
Statistical Report APIs
Data Types
Error Codes
FAQs
Blocking
Attacks
Features
Billing
Service Level Agreement
Product Policy
Privacy Policy
Data Processing And Security Agreement
Glossary
Documentation Anti-DDoSOperation GuideProtection ConfigurationDDoS ProtectionDDoS Protection Levels

DDoS Protection Levels

PDF
Focus Mode
Font Size
Last updated: 2024-07-01 11:33:59

Use cases

Anti-DDoS provides three available protection levels for you to adjust protection policies against different DDoS attacks. The details are as follows:
Protection level
Protection action
Description
Loose
Filters SYN and ACK data packets with explicit attack attributes.
Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification.
Filters UDP data packets with explicit attack attributes.
This protection level uses a loose cleansing policy and defends against only explicit attack packets.
We recommend that you choose this protection level when normal requests are blocked. Complex attack packets may bypass the security system.
Medium
Filters SYN and ACK data packets with explicit attack attributes.
Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification.
Filters UDP data packets with explicit attack attributes.
Filters common UDP-based attack packages.
Actively verifies the source IP addresses of some access attempts.
This protection level uses a cleansing policy that is suitable for most businesses and capable of defending against common attacks.
This is the default protection level.
Strict
Filters SYN and ACK data packets with explicit attack attributes.
Filters TCP, UDP, and ICMP data packets that are not compliant with the protocol specification.
Strictly checks and filters UDP data packets with explicit attack attributes and UDP-based attack packets.
Actively verifies the source IP addresses of some access attempts.
Filters ICMP attack packages.
The cleansing policy is strict. We recommend you use this level when attack packets bypass the security system in the Normal mode.

Directions

1. Log in to the new Anti-DDoS console and click DDoS Protection on the left sidebar.
2. Select an Anti-DDoS instance ID in the list on the left, such as "bgp-00xxxxxx".

3. In the DDoS protection level section, choose a protection level.
Previous Topic: Smart SchedulingNext Topic: IP Blocklist/Allowlist

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback