To use Anti-DDoS Pro to protect services, such as client-based games, mobile games, and native apps, you must create port forwarding rules and change the service IP to the IP address of your Anti-DDoS Pro instance. This topic describes how to create port forwarding rules in the Anti-DDoS Pro console.

Prerequisites

You have purchased an Anti-DDoS Pro instance. To view your instance, choose Management > Instances. For more information about purchasing Anti-DDoS Pro instances, see Buy Anti-DDoS Pro instances.

Background information

If you set up Anti-DDoS Pro instances using IPs and ports, these instances only support layer 4 forwarding. Anti-DDoS Pro only provides defense against layer 4 attacks, such as SYN flood attacks and UDP flood attacks. The service does not parse layer 7 packets or mitigate layer 7 attacks, such as HTTP flood attacks and Web attacks. To set up Anti-DDoS Pro instances using IPs and ports, you only need to create port forwarding rules in the Anti-DDoS Pro console.

Manage forwarding rule conflicts

If you have added your website in the Anti-DDoS Pro console and set up an Anti-DDoS Pro instance using the website domain, the system automatically generates a forwarding rule for the domain. Incoming traffic to the website is forwarded according to this forwarding rule. For more information about adding a website in the Anti-DDoS Pro console, see Step 1: Add a website.
  • If the forwarding port is set to 80, the system automatically generates a rule that forwards traffic on TCP port 80 to the origin server. The rule is not generated if the same rule already exists.
  • If the forwarding port is set to 443, the system automatically generates a rule that forwards traffic on TCP port 443 to the origin server. The rule is not generated if the same rule already exists.


You cannot edit or delete rules that are automatically generated by the system. The rule is automatically deleted when the domain to which the rule applies is no longer associated with the Anti-DDoS Pro instance.

Notice For each Anti-DDoS Pro instance, the forwarding rules must use unique ports under the same protocol. If an Anti-DDoS Pro instance already has a forwarding rule that uses TCP port 80 or 443, a conflict error occurs when you try to add a rule that uses the same port and protocol.

Procedure

  1. Log on to the Anti-DDoS Pro console .
  2. In the left-side navigation pane, choose Management > Port Settings.
  3. On the Port Settings page, select an Anti-DDoS Pro instance and click Create Rule.


  4. In the Create Rule dialog box, complete the configuration. The configuration details are as follows:
    Item Description
    Forwarding Protocol Specify the forwarding protocol used by the origin server. Valid values: TCP and UDP.
    Forwarding Port Specify the port that the Anti-DDoS Pro instance uses to forward traffic.
    Note We recommend that you keep the forwarding port the same as the port of the origin server.
    Origin Server Port Specify the port of the origin server.
    Origin Server IP Specify the IP address of the origin server.
    Note You can enter up to 20 IP addresses for load balancing.


  5. Click Complete.

    After a forwarding rule is created, you can configure session persistence, health check, and anti-DDoS protection policies based on your needs. For more information, see Step 2: Configure protection policies.

    You can also edit or delete the rule based on your needs.

  6. Change the service IP to the IP address of your Anti-DDoS Pro instance. This forwards incoming traffic to your Anti-DDoS Pro instance.
    Before you forward incoming traffic to your Anti-DDoS Pro instance, we recommend that you verify that the forwarding rules are in effect. For more information about testing port forwarding, see Test forwarding rules.
    Notice If the forwarding rules are not in effect, your service may become unavailable to your users after you change the service IP address.