To use Anti-DDoS Pro or Anti-DDoS Premium to protect your website service, you must first add the domain name you want to protect and then add a traffic forwarding rule in the Anti-DDoS Pro or Anti-DDoS Premium console.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is available. For more information, see Purchase Anti-DDoS Pro or Anti-DDoS Premium instances.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

This topic uses Anti-DDoS Pro as an example to describe this specific operation. If you use Anti-DDoS Premium, see Add a website.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select Mainland China.
  3. In the left-side navigation pane, choose Provisioning > Website Config.
  4. On the Website Config page, click Add Domain.
    Note You can also import website configurations in batches. For more information, see Import multiple website configurations at a time.
  5. On the Add Domain wizard, set the parameters in the Enter Site Information step and click Add.Website configuration
    Parameter Description
    Function Plan The function plan of the instance that you want to use to protect the website. Valid values:
    • Standard
    • Enhanced
    Note For more information, see Function plan.
    Instance The instance that you want to use to protect the website. You can select up to eight instances for one domain name. The instances used to protect the same domain name must use the same function plan.
    Note The available instances are displayed after you select a function plan. If no instance is available, no instance uses the selected function plan. In this case, you can purchase an instance or upgrade the standard function plan to the enhanced function plan. For more information, see Upgrade the specifications of an Anti-DDoS Pro or Anti-DDoS Premium instance.
    Domain Enter the domain of the website that you want to protect.
    Note
    • A domain name can contain letters, digits, and hyphens (-). It must start with a letter or digit. Domain names are not case sensitive.
    • You can enter wildcard domains, such as *.aliyun.com. Anti-DDoS Pro or Anti-DDoS Premium protects the subdomains of wildcard domains.
    • If you specify a domain name and its wildcard domain, such as www.aliyun.com and *.aliyun.com, the forwarding rules and protection policies configured for the domain name supersede those configured for the wildcard domain.
    Protocol The protocols that the website supports. Valid values:
    • HTTP (selected by default)
    • HTTPS (selected by default)
    • Websocket
    • Websockets
    Note If your website supports HTTPS, you must select HTTPS. You can select other protocols that your website supports as required.
    Enable HTTP/2 Specifies whether to enable HTTP 2.0 when the website is protected by an Anti-DDoS Pro instance that uses the enhanced function plan. After the feature is enabled, the protocol version is HTTP 2.0.
    Note This feature is available only for Anti-DDoS Pro.
    Server IP The address type of the origin server. You must enter the address after you specify the address type. The address type can be Origin Server IP or Origin Server Domain.
    • Origin Server IP: You can specify up to 20 IP addresses. If multiple IP addresses of an origin server are specified, Anti-DDoS Pro or Anti-DDoS Premium uses IP Hash load balancing to forward network traffic to the origin server.
    • Origin Server Domain: If you want to use both Anti-DDoS Pro or Anti-DDoS Premium and web application firewall (WAF), select Origin Server Domain and enter the CNAME record provided by your WAF instance. This provides enhanced protection for your website.
    Server Port The server port that is specified based on the selected protocol.
    Note The forwarding port must be the same as the origin server port.
    • If HTTP or Websocket is selected, this parameter is set to 80 by default.
    • If HTTPS or Websockets is selected, this parameter is set to 443 by default.
      Note HTTP 2.0 ports are the same as HTTPS ports.
    To add custom ports, you can click Custom and select ports other than the default ones.
    • Instances that use the standard function plan support HTTP port 80, WebSocket port 8080, HTTPS port 443, and WebSockets port 8443.
    • Instances that use the enhanced function plan support specific non-standard ports. For more information, see Specify non-standard ports for protection.
    Custom ports
    CNAME Reuse Specifies whether to enable CNAME reuse. After CNAME reuse is enabled, you can associate the domain names hosted by the same server with the CNAME record assigned by Anti-DDoS Premium. For more information, see CNAME reuse.
    Note This feature is available only for Anti-DDoS Premium.
    After you add a website, click Website List. Then, you can view the added website configuration and its CNAME record on the Website Config page. CNAME record

Result

Anti-DDoS Pro assigns a CNAME record to the domain name. You only need to map the DNS record of the domain name to the CNAME record of the Anti-DDoS Pro instance to reroute inbound traffic to the instance for traffic scrubbing.

What to do next