AliCloud Anti-DDoS Protection

The ECS instance I subscribed last month does come with a free Distributed Denial of Service (DDoS) protection service. Anti-DDoS service prevents and mitigates DDoS attacks by routing traffic away (black hole strategy) from your ECS instance, ensuring availability and performance of the instance on Ali Cloud.

The basic Anti-DDoS protect up to 5 Gbps common DDoS attacks. These attacks can include SYN Flood, UDP Flood, ICMP Flood, fragments, and malformed packets. If the data transfer rate exceeds the default black hole threshold, Ali Cloud will block external network access to the ECS instance.

There is an option to upgrade to Anti-DDoS Pro Plan for additional protection service. The paid plan can provide a mitigation capacity of more than 2000 Gbps.

Alibaba Cloud Anti-DDoS Basic service is enabled and initialized by default. This post is to review the Anti-DDoS Basic

On the Anti-DDoS Basic page, select View details under the instance..
Alibaba Cloud Anti-DDoS Basic service

Check the current Cleaning trigger settings, and click Advanced anti-DDoS settings if it does not meet your requirements.
Alibaba Cloud Anti-DDoS Basic service Advanced anti-DDoS settings

You can configure the Cleaning threshold value setting manually.
For Automatic setting, the system dynamically adjusts the cleaning threshold value based on ECS’s traffic load.
Ali Cloud Advanced Anti-DDoS settings

Anti-DDoS Pro is recommended for large enterprise application web sites and e-commerce websites. The Smaller websites, such as blogs, the Anti-DDoS Basic should be sufficient.