FAQ

All ESA plans include basic DDoS protection (platform-level protection) by default. This service defends against DDoS attacks up to 10 Gbps but does not guarantee a specific protection threshold. During an attack, ESA mitigates it at the edge nodes on a best-effort basis. If an attack continues to escalate, it may affect acceleration quality. Basic DDoS protection does not guarantee mitigation within a specific timeframe.

If your website is at a high risk of DDoS attacks or requires more reliable protection, contact us to upgrade to the Enterprise.

The following traffic is not billed and does not consume your plan quota:

• L3/L4 attack traffic blocked by basic DDoS protection

• HTTP requests blocked by deep learning and other protection mechanisms

If you purchase Best-effort DDoS protection, you are billed on a pay-as-you-go basis for elastic protection bandwidth according to your plan's specifications.

Yes. ESA DDoS protection supports any server with a public IP address that is reachable from the Alibaba Cloud network.

The DDoS protection node IPs for the ESA Enterprise plan are not static. The system dynamically adjusts node scheduling based on attack conditions. During an attack, traffic may be rerouted to a scrubbing center for mitigation, causing the node IP address to change. If your service relies on a static IP address (for example, for firewall allowlist configurations), be aware of this behavior and adapt your setup accordingly.

No. For ESA, a black hole is triggered at the site level, not the EIP level. Therefore, switching EIPs cannot prevent black-holing. For stronger DDoS protection, you can upgrade to the Enterprise or purchase an additional DDoS protection instance.

When ESA is black-holed, all incoming traffic is dropped at the edge nodes, so attack traffic does not reach the origin server. Consequently, the DDoS protection for the origin server's EIP is not triggered and is therefore ineffective during this period.

Once the black hole is lifted and traffic forwarding returns to normal, the DDoS protection for the origin server's EIP will become effective again. To improve your DDoS protection and reduce the frequency of black hole triggers, you can upgrade to the Enterprise or purchase an additional DDoS protection instance.