To use Anti-DDoS Pro or Anti-DDoS Premium to protect non-website services, such as client-based games, mobile games, or apps, you must create port forwarding rules and use the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance as the service IP address. This topic describes how to create a port forwarding rule in the Anti-DDoS Pro or Anti-DDoS Premium console.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is available. For more information, see Purchase Anti-DDoS Pro or Anti-DDoS Premium instances.

Background information

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

If you set up either Anti-DDoS Pro or Anti-DDoS Premium instances to protect non-website services, these instances only support Layer 4 forwarding. Both Anti-DDoS Pro and Anti-DDoS Premium only provide protection against Layer 4 attacks, such as SYN and UDP flood attacks. They do not parse Layer 7 packets or mitigate Layer 7 attacks, such as HTTP flood attacks and web attacks. To create an instance to protect non-website services, you only need to create port forwarding rules and use the IP address of your instance as the service IP address.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the target instance and click Create Rule.Create Rule
    Note You can also create multiple rules at a time. For more information, see Create multiple forwarding rules at a time.
  5. In the Create Rule dialog box, specify the required parameters.Configure a rule
    Parameter Description
    Forwarding Protocol The protocol that you want to use to forward traffic. Valid values: TCP and UDP.
    Forwarding Port The port used by the instance to forward inbound traffic.
    • We recommend that you set the forwarding port to the port of the origin server.
    • To prevent domain owners from creating their own DNS servers with protection features, Anti-DDoS Pro and Anti-DDoS Premium do not protect the transport-layer services that use port 53.
    • You cannot specify a port that is already used as the forwarding port for another rule. In an instance, forwarding rules that use the same protocol must use different forwarding ports. If you attempt to create a rule with a protocol and forwarding port already used by another rule, an error message appears, indicating that rules overlap. Do not create a rule that overlaps with the forwarding rules that are automatically generated when a website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Automatically generate forwarding rules for website services.
    Origin Server Port The port of the origin server that you want to use to create the rule.
    Origin Server IP The IP address of the origin server that you want to use to create the rule.
    Note You can specify a maximum of 20 origin server IP addresses to implement load balancing. Separate multiple IP addresses with commas (,).
  6. Click OK.
    After a port forwarding rule is created, you can configure session persistence, health checks, and anti-DDoS protection policies for non-website services as required. For more information, see Step 2: Configure port forwarding and anti-DDoS protection policies.

    You can also edit or delete a rule as required.

  7. Change the IP address of the service that you want to protect to the IP address of your instance to reroute inbound traffic to the instance. After you change the IP address, the instance scrubs the inbound traffic and then forwards the traffic to the origin server.
    Before you change the IP address to reroute inbound traffic to your instance, we recommend that you verify that the forwarding rule has taken effect. For more information, see Verify the forwarding configuration on your local machine.
    Notice If you change the service IP address before the forwarding rule takes effect, your service may be interrupted.