OpenResty DDos Usage

1. Configure OpenResty Edge API Address and Token

You need to configure your OpenResty Edge’s API address and token in your OpenResty DDos Console. This information can be found in your OpenResty Edge’s control panel. The OpenResty DDos platform uses it to communicate with your OpenResty Edge and synchronize configuration information.

1.1 Global configuration

In the OpenResty DDos Console, click your username in the top right corner of the page, and select “Global Configuration” from the dropdown menu.

OpenResty DDos™ Global Configuration

1.2 Configure OpenResty Edge

In the “Global Configuration” page, fill in your OpenResty Edge’s API address and token.

The API endpoint is the address of your OpenResty Edge, for example http://edge.example.com/. The token is the API token of your OpenResty Edge.

The “Periodic Update” option allows OpenResty DDos™ Agent to periodically update configuration information from OpenResty DDos™ Console.

The “SSL Verify” option makes the OpenResty DDos™ Agent verify the SSL certificate of OpenResty Edge. If OpenResty Edge uses a private certificate, you can turn off this option; the Agent then connects to the OpenResty Edge API without verifying its certificate.

OpenResty DDos™ Global Configuration

2. Configure OpenResty DDos™ Agent

You need to install OpenResty DDos™ Agent on your OpenResty Edge server. If you have not installed OpenResty DDos™ Agent yet, please refer to OpenResty DDos™ Installation and Upgrade.

2.1 Enable OpenResty DDos™ Protection

Open the OpenResty DDos Console page and select the corresponding DDos Agent from the dropdown menu. On the right sidebar, select the “Anti-DDos” tab.

OpenResty DDos™ Protection

2.2 Configure OpenResty DDos™ Protection

In the “Anti-DDos” page, you can configure OpenResty DDos™ protection rules. Click the “Auto Protection” switch to enable automatic protection. This will use the configuration information of OpenResty Edge to automatically protect your server.

You can configure the threshold of “Auto Protection”. When the request frequency exceeds this threshold, OpenResty DDos™ will automatically block these requests.

OpenResty DDos™ Protection

3. Configure OpenResty DDos™ Rules Manually

You can also configure OpenResty DDos™ rules manually. In the “Anti-DDos” page, with the “Auto Protection” switch turned off, you can add rules manually.

OpenResty DDos™ Manual Rules

Select the Network namespace, Network Interface, and configure the rule:

OpenResty DDos™ Manual Rules

3.1 SYN flood protection

You can configure SYN flood protection rules. When the number of SYN packets exceeds the threshold, OpenResty DDos™ will automatically block these requests. When the number of SYN packets is less than MIN_THRESHOLD, OpenResty DDos™ will automatically unblock them.

3.2 DNS flood protection

You can configure DNS flood protection rules. When the number of DNS requests exceeds the threshold, OpenResty DDos™ will automatically respond to requests for the “Valid domain names” with the “IPv4 addresses to answer” you configured, and block all other requests. Similarly, when the number of DNS requests is less than MIN_THRESHOLD, OpenResty DDos™ will automatically unblock them.
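The two-threshold behaviour described in sections 3.1 and 3.2 can be modelled as a hysteresis switch. The sketch below is an added example, not OpenResty DDos™ code. It assumes counts are taken per sampling interval, that the previous state is kept while the count sits between MIN_THRESHOLD and the threshold, and that domain names are matched exactly; the class names, sample counts and addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class FloodGuard:
    """Hysteresis switch: protect above `threshold`, release below `min_threshold`."""
    threshold: int
    min_threshold: int
    protecting: bool = False

    def observe(self, count: int) -> bool:
        """Feed one interval's packet/request count; return the protection state."""
        if count > self.threshold:
            self.protecting = True
        elif count < self.min_threshold:
            self.protecting = False
        # Assumption: between the two values the previous state is kept,
        # so traffic hovering near one threshold does not toggle blocking.
        return self.protecting


@dataclass
class DnsFloodGuard(FloodGuard):
    """DNS variant: while protecting, answer listed names and drop the rest."""
    valid_names: frozenset = frozenset()   # models "Valid domain names"
    answer_ipv4: tuple = ()                # models "IPv4 addresses to answer"

    def handle(self, qname: str):
        """Return ('pass', None), ('answer', ips) or ('drop', None) for one query."""
        if not self.protecting:
            return ("pass", None)
        name = qname.rstrip(".").lower()   # DNS names compare case-insensitively
        if name in self.valid_names:       # assumption: exact-match only
            return ("answer", self.answer_ipv4)
        return ("drop", None)


def simulate(counts, guard):
    """Run a sequence of per-interval counts through a guard."""
    return [guard.observe(c) for c in counts]


# Constructed sample: SYN packets seen in seven consecutive intervals.
SYN_COUNTS = [200, 900, 1500, 800, 600, 400, 1100]

if __name__ == "__main__":
    print(simulate(SYN_COUNTS, FloodGuard(threshold=1000, min_threshold=500)))
```

In this model, setting MIN_THRESHOLD close to the threshold makes blocking switch on and off more often under fluctuating load, while a wide gap keeps protection active longer after the flood subsides.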