Feature Comparison
The table below covers the primary differences between DDoS Protection and EIP Blocked Rules. For a full list of configurable options within each layer, see the DDoS Protection Configuration Guide.
Availability
Select regions
All regions
Pipeline Position
First layer (upstream)
Second layer (downstream)
Monitored Metrics
BPS, PPS, InCPS
BPS, PPS, InCPS, OutCPS
Attack Mitigation
Traffic cleaning via BGP diversion + scrubbing
Threshold-based blackhole / NIC blocking
Traffic Cleaning
Yes — separates legitimate from attack traffic
No — block/allow only
Fingerprint Detection
Yes — payload-pattern matching
No
Protocol Filtering
Yes — TCP, UDP, ICMP analysis
No
Geo-blocking
Yes — country-level filtering
No
IP Allow/Block Lists
Yes
No
Blackhole Routing
Yes (escalation from cleaning)
Yes (primary action)
Outbound Protection
No
Yes — NIC-level blocking on OutCPS breach
Custom Thresholds
Yes — per-policy configuration
Yes — per-EIP configuration
Last updated