To use Anti-DDoS Pro to protect services, such as client-based games, mobile games, and native apps, you must create port forwarding rules and change the service IP to the IP address of your Anti-DDoS Pro instance. This topic describes how to create port forwarding rules in the Anti-DDoS Pro console.
If you set up Anti-DDoS Pro instances using IPs and ports, these instances only support layer 4 forwarding. Anti-DDoS Pro only provides defense against layer 4 attacks, such as SYN flood attacks and UDP flood attacks. The service does not parse layer 7 packets or mitigate layer 7 attacks, such as HTTP flood attacks and Web attacks. To set up Anti-DDoS Pro instances using IPs and ports, you only need to create port forwarding rules in the Anti-DDoS Pro console.
Manage forwarding rule conflicts
- If the forwarding port is set to 80, the system automatically generates a rule that forwards traffic on TCP port 80 to the origin server. The rule is not generated if the same rule already exists.
- If the forwarding port is set to 443, the system automatically generates a rule that forwards traffic on TCP port 443 to the origin server. The rule is not generated if the same rule already exists.
You cannot edit or delete rules that are automatically generated by the system. The rule is automatically deleted when the domain to which the rule applies is no longer associated with the Anti-DDoS Pro instance.
- Log on to the Anti-DDoS Pro console .
- In the left-side navigation pane, choose .
On the Port Settings page, select an Anti-DDoS Pro instance and click Create Rule.
In the Create Rule dialog box, complete the configuration. The configuration details are as follows:
Item Description Forwarding Protocol Specify the forwarding protocol used by the origin server. Valid values: TCP and UDP. Forwarding Port Specify the port that the Anti-DDoS Pro instance uses to forward traffic.Note We recommend that you keep the forwarding port the same as the port of the origin server. Origin Server Port Specify the port of the origin server. Origin Server IP Specify the IP address of the origin server.Note You can enter up to 20 IP addresses for load balancing.
After a forwarding rule is created, you can configure session persistence, health check, and anti-DDoS protection policies based on your needs. For more information, see Step 2: Configure protection policies.
You can also edit or delete the rule based on your needs.
Change the service IP to the IP address of your Anti-DDoS Pro instance. This forwards
incoming traffic to your Anti-DDoS Pro instance.
Before you forward incoming traffic to your Anti-DDoS Pro instance, we recommend that you verify that the forwarding rules are in effect. For more information about testing port forwarding, see Test forwarding rules.Notice If the forwarding rules are not in effect, your service may become unavailable to your users after you change the service IP address.