Flexible Engine - Advanced guide
Updated on :
Step 6 – Configuring anti-DDoS
Our web service is now ready to respond to significant variations in the number of user requests. But, being exposed on the internet is subjected to a massive Denial of Service attacks (DDoS – Distributed Denial of Service). In this case, we would like the attack to be detected and intercepted upstream of our service, so that it does not trigger auto-scaling, and the consumption of additional resources (and hence the increase in the cost of service).
It is exactly the role of Anti-DDoS service to protect against denial-of-service attacks launched on layers 4 to 7 of the OSI network model. For this step, we will therefore configure this service to protect the public IP from the load dispatcher against such attacks.
To configure Anti-DDos, first access the service and choose the EIP you want to protect from the list of EIP that appears. EIP that interests us are that of the ELB.
Identify it in the list and click Enable Defense.
Once enabled click on the concerned EIP and on Set Protection in the Protection detail section
Enter the following information:
- Traffic cleaning threshold: 100 Mbit/s
- CC Defense: Select Enable
- HTTP Request Rate: 2000/qps
Then, create an alarm notification by going to SMN service.
First you have to create a topic. To do this click on Create Topic
- Name: Advanced Topic
- Display name: Message
Then you have to choose a susbscription. To do it go on the subscription section and click on Add Subscription.
- Topic Name: Select the Topic previously created
- Protocol: Choose the kind a message you will receive ( E-Mail, Sms, http, https) For this tutorial choose e-mail
- End point: Enter your e-mail address.
Once you create your subscription you have to confirm it. On the subscription home page, in the column Opération, click on request confirmation. Normally you should receive a confirmation message on the e-mail you have informed. On this message you have a link to click to confirm your subscription.
Few minutes are necessary to receive this confirmation message