To use Anti-DDoS Pro or Anti-DDoS Premium to protect non-website services, such as client-based games, mobile games, or apps, you must create port forwarding rules. You must also use the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance as the service IP address. This topic describes how to create a port forwarding rule in the Anti-DDoS Pro or Anti-DDoS Premium console.


An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase mitigation plans for Anti-DDoS Pro and Anti-DDoS Premium.

Background information

If you configure either Anti-DDoS Pro or Anti-DDoS Premium instances to protect non-website services, these instances only support Layer 4 forwarding. Both Anti-DDoS Pro and Anti-DDoS Premium only provide protection against Layer 4 attacks, such as SYN and UDP flood attacks. They do not parse Layer 7 packets or mitigate Layer 7 attacks, such as HTTP flood attacks and web attacks. To create an instance to protect non-website services, you only need to create port forwarding rules. Then, you can use the IP address of your instance as the service IP address.


  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your services are deployed.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the instance you want to use and click Create Rule.
    Note You can also create multiple rules at a time. For more information, see Create multiple forwarding rules at a time.
  5. In the Create Rule dialog box, specify the required parameters.Configure a rule
    Parameter Description
    Forwarding Protocol The protocol that you want to use to forward traffic. Valid values: TCP and UDP.
    Forwarding Port The port that you want to use to forward traffic.
    • We recommend that you specify the same port for Forwarding Port and Origin Server Port.
    • To prevent domain owners from creating their own DNS servers to protect services, Anti-DDoS Pro and Anti-DDoS Premium do not protect services that use port 53.
    • You cannot specify a port that is already used as the forwarding port for another rule. In an instance, forwarding rules that use the same protocol must use different forwarding ports. If you attempt to create a rule with a protocol and forwarding port that are already used by another rule, an error message appears. The error message indicates that these rules overlap. Do not create a rule that overlaps with forwarding rules that are automatically generated. For more information, see Automatically generate forwarding rules when you add website configurations.
    Origin Server Port The port of the origin server.
    Origin Server IP The IP address of the origin server.
    Note You can specify up to 20 origin server IP addresses to implement load balancing. Separate multiple IP addresses with commas (,).
  6. Click OK.
    After a port forwarding rule is created, you can configure session persistence, health checks, and anti-DDoS protection policies for non-website services as required. For more information, see Step 2: Configure port forwarding and anti-DDoS protection policies.

    You can also edit or delete a rule as required.

  7. Change the IP address of the service that you want to protect to the IP address of your instance to reroute inbound traffic to the instance. After you change the IP address, the instance scrubs the inbound traffic and then forwards the normal traffic to the origin server.
    Before you change the IP address to reroute inbound traffic to your instance, we recommend that you verify that the forwarding rule has taken effect. For more information, see Verify the forwarding configuration on your local machine.
    Notice If you change the service IP address before the forwarding rule takes effect, your service may be interrupted.