To use Anti-DDoS Pro or Anti-DDoS Premium to protect non-website services, such as client-based games, mobile games, or apps, you must create port forwarding rules and use the IP address of your Anti-DDoS Pro or Anti-DDoS Premium instance as the service IP address. This topic describes how to create a port forwarding rule in the Anti-DDoS Pro or Anti-DDoS Premium console.
If you set up either Anti-DDoS Pro or Anti-DDoS Premium instances to protect non-website services, these instances only support Layer 4 forwarding. Both Anti-DDoS Pro and Anti-DDoS Premium only provide protection against Layer 4 attacks, such as SYN and UDP flood attacks. They do not parse Layer 7 packets or mitigate Layer 7 attacks, such as HTTP flood attacks and web attacks. To create an instance to protect non-website services, you only need to create port forwarding rules and use the IP address of your instance as the service IP address.
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region of your Anti-DDoS instance.
- Mainland China: Anti-DDoS Pro
- Outside Mainland China: Anti-DDoS Premium
- In the left-side navigation pane, choose .
- On the Port Config page, select the target instance and click Create Rule.
- In the Create Rule dialog box, specify the required parameters.
Parameter Description Forwarding Protocol The protocol that you want to use to forward traffic. Valid values: TCP and UDP. Forwarding Port The port used by the instance to forward inbound traffic.
- We recommend that you set the forwarding port to the port of the origin server.
- To prevent domain owners from creating their own DNS servers with protection features, Anti-DDoS Pro and Anti-DDoS Premium do not protect the transport-layer services that use port 53.
- You cannot specify a port that is already used as the forwarding port for another rule. In an instance, forwarding rules that use the same protocol must use different forwarding ports. If you attempt to create a rule with a protocol and forwarding port already used by another rule, an error message appears, indicating that rules overlap. Do not create a rule that overlaps with the forwarding rules that are automatically generated when a website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Automatically generate forwarding rules for website services.
Origin Server Port The port of the origin server that you want to use to create the rule. Origin Server IP The IP address of the origin server that you want to use to create the rule.Note You can specify a maximum of 20 origin server IP addresses to implement load balancing. Separate multiple IP addresses with commas (,).
- Click OK.
After a port forwarding rule is created, you can configure session persistence, health checks, and anti-DDoS protection policies for non-website services as required. For more information, see Step 2: Configure port forwarding and anti-DDoS protection policies.
You can also edit or delete a rule as required.
- Change the IP address of the service that you want to protect to the IP address of
your instance to reroute inbound traffic to the instance. After you change the IP
address, the instance scrubs the inbound traffic and then forwards the traffic to
the origin server.
Before you change the IP address to reroute inbound traffic to your instance, we recommend that you verify that the forwarding rule has taken effect. For more information, see Verify the forwarding configuration on your local machine.Notice If you change the service IP address before the forwarding rule takes effect, your service may be interrupted.