Use Problems
How to start DDOS protection service?
DDoS protection service is divided into basic protection and advanced protection.
- DDoS basic protection. Every EIP that provides service on the external network will start the DDoS protection service by default. Depending on the region, it can provide a maximum protection capability of 5Gbps. When the attack traffic exceeds the cleaning trigger value set by the user, the cleaning device will be automatically started for the traffic cleaning.
- DDoS advanced protection service is also known as DDoS ADAS IP, you can obtain protection capability of more than 5Gbps by paying. After paying for it , you need to configure it on the console to use it.
Does the forward-to-origin address of the ADAS IP support IPv6?
The forward-to-origin address of the ADAS IP does not support IPv6 for the time being.
How do I get a user's real access IP after using the ADAS IP?
- The seven-layer service (HTTP/HTTPS protocol) can directly obtain the client's real source IP through the X_forward_for field in http header;
- For the four-layer service, if the backend server is Baidu Cloud BCC, no additional configuration is required, the server obtains the client's real source IP. If the backend server is not Baidu Cloud BCC, you can obtain the client's real source IP by loading the TTM module on the server. For the details, please see Non-Baidu Cloud Host Obtains Client's Real Source IP;
The domain name is not registered. Can I use Baidu AI Cloud's DDoS ADAS IP service?
Baidu AI Cloud is subject to regulatory requirements. The DDoS ADAS IP service does not support the provision of protection service for unregistered domain name.
The domain name was registered with other providers. What are the restrictions on using Baidu AI Cloud's DDoS ADAS IP?
- If your source station is not on Baidu AI Cloud, there are no other restrictions
- If your source station is on Baidu AI Cloud, you need to conduct Add Access for the domain name's registered information on Baidu AI Cloud
Note:
- The effect of the new access is to add a new provider. If the information you fill in during the access registration is the same as the original registration information, it will not affect the registration data of the original provider. After the access is completed, you can use the server of the original provider and Baidu AI Cloud at the same time.
What are the types of protection?
Protection against the following network layer attacks:
- SYN flood attack;
- ACK flood attack;
- FIN/RST flood attack;
- UDP flood attack;
- ICMP flood;
- TCP connection exhaustion attack, etc .;
Application layer attack:
- Effectively resist HTTP get/post flood attack;
- CC attack;
- HTTP slow header/post attacks, etc.
Does DDoS ADAS have packet capture?
DDoS ADAS service does not support packet capture function for the time being.
How many forwarding configurations does DDoS ADAS support?
- DDoS ADAS is a service agent mode. Each ADAS IP supports the forwarding rule of the configuration of up to 200 ports and 200 domain names.
- Each ADAS package can be configured with the forwarding rule of 50 ports and 50 domain names for free.
- Support TCP/UDP/HTTP/HTTPS/WS/WSS protocols.
What is the difference between DDoS ADAS and DDoS basic protection?
Service | DDoS ADAS service | DDoS basic protection service |
---|---|---|
Protection capability | Provide up to 1Tbps protection capability in total | North China-Beijing area provides up to 5Gbps protection capability South China-Guangzhou area provides up to 5Gbps protection capability |
Resource | Support extranet resources | Only support Baidu AI Cloud's EIP resources |
Protection policy | Rich protection policy, professional CC protection capability, users can self-configure policy | Fixed protection policy, basic CC protection capability, adopting global common policy |
Security ensuring of important activities | Expert service (exclusive for key customers) | None |
Detailed report | Provide detailed report | Provide overview report |
Network tuning | Not currently supported | Not currently supported |
Troubleshooting speed | Ticket response | Ticket response |
Technical support | 7x24 hours | 7x8 hours |
Notification mode | Call or short message | Short message |
How many domain names and ports does CC protection support?
CC protection for basic protection service uses traffic reorganization to protect, and there are no restrictions on domain name and port.
What else do I need to pay attention to after purchasing DDoS ADAS service?
Please pay attention to the following matters after purchasing DDoS ADAS service:
1.Since DDoS ADAS is a forwarding architecture, the source IP of real user will be converted to the IP address of the ADAS center when passing through the ADAS center, and the source IP is a fixed IP segment. Therefore, the server's security protection software must be uninstalled or close restrictions on the forward-to-origin IP segment to prevent accidental killing; 2.The user whose source server is in Baidu AI Cloud needs to increase the cleaning threshold of the DDoS protection service in the console. It is recommended to set it to the maximum cleaning threshold; 3.Try to keep all services in the ADAS center and not to expose it to the external network; prevent attackers from bypassing the ADAS center and directly attacking the source station.