AIARCOASC Docs

DDoS protection

Always-on L3/4/7 DDoS scrubbing, with non-HTTP transit DDoS for arbitrary TCP / UDP services.

What it is

Every zone gets always-on L3/4/7 scrubbing at no extra cost. For non-HTTP services (game servers, custom TCP/UDP protocols) you can opt into the transit-layer scrubbing tier, which advertises your origin behind our anycast and absorbs floods upstream of your network.

When to use it

  • Protect a web origin from volumetric and application-layer floods.
  • Protect a TCP/UDP service (game server, custom protocol).
  • Get SOC-2 evidence of DDoS controls for compliance audits.

Quickstart

asc edge ddos transit enable --origin 1.2.3.4 --port 27015 --proto udp
asc edge ddos report --zone example.com --from -7d
client.edge.ddos.transit.enable(origin='1.2.3.4', port=27015, proto='udp')
report = client.edge.ddos.report(zone='example.com', from_='-7d')
await client.edge.ddos.transit.enable({ origin: '1.2.3.4', port: 27015, proto: 'udp' });

Limits & quotas

LimitDefaultBurstNotes
HTTP scrubbing capacity>100 Tbps aggregateAlways-on, included
Transit scrubbing$50 / Gbps-mo (commit)Non-HTTP services
Per-port transit pricing$15 / port-mo

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/edge/ddos/transit/enable
  • GET /v1/edge/ddos/reports

Required scope(s): edge:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.