This topic describes how to configure port forwarding policies, such as session persistence and health checks for multiple origin IP addresses and how to configure anti-DDoS protection policies for non-website services, such as False Source, Speed Limit for Destination, Packet Length Limit, and Speed Limit for Source.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is set up by using a port. For more information, see Step 1: Create a port forwarding rule.

Background information

You can configure port forwarding rules and anti-DDoS protection policies for non-website services as required to optimize the forwarding feature of Anti-DDoS Pro or Anti-DDoS Premium.

  • You can configure a session persistence policy to forward requests from a specific IP address to the same backend server.
  • You can configure a health check policy to check the availability of the backend servers, which ensures that requests from clients are forwarded to normal servers.
  • You can configure anti-DDoS protection policies to limit the connection speeds and packet lengths of non-website services that are protected by Anti-DDoS Pro or Anti-DDoS Premium. This protects your non-website services against connection-oriented DDoS attacks that consume low bandwidth.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select an instance, find the target forwarding rule, and configure the session persistence, health check, anti-DDoS protection policies for non-website services as required.Port Config
    • Session Persistence
      1. Click Change in the Session Persistence column.
      2. In the Session Persistence dialog box, enable or disable session persistence as required.Session Persistence
        • To enable session persistence, set the Timeout Period parameter and click Complete.
        • To disable session persistence, click Disable Session Persistence.
    • Health Check
      1. Click Change in the Health Check column.
      2. In the Health Check dialog box, configure health check settings. For more information about configuration items, see Configure health check. Health Check
      3. Click Complete.

      To disable a health check, click Change in the Health Check column. In the Health Check dialog box, click Disable Health Check.

    • Protection for non-website services
      1. Click Change in the Anti-DDoS Protection Policy column.
      2. On the Protection for Non-website Services tab, configure anti-DDoS protection policies as required, which include False Source, Speed Limit for Destination, Packet Length Limit, and Speed Limit for Source. Protection for Non-website Services
        • False Source: verifies and filters DDoS attacks initiated from forged IP addresses.
        • Speed Limit for Destination: The data transfer rate of the port used by the instance that exceeds the maximum visit frequency is limited based on the IP address and port of an Anti-DDoS Pro or Anti-DDoS Premium instance. The data transfer rates of other ports are not limited.
        • Packet Length Limit: specifies the minimum and maximum lengths of packets that are allowed to pass through. Packets with invalid lengths are dropped.
        • Speed Limit for Source: The data transfer rate of a source IP address from which access requests exceed the maximum visit frequency is limited based on the IP address and port of an Anti-DDoS Pro or Anti-DDoS Premium instance. The data transfer rates of source IP addresses from which access requests do not exceed the maximum visit frequency are not limited. This policy also supports the IP address blacklist policy. An IP address from which access requests exceed the maximum visit frequency five times within 60 seconds can be added to a blacklist. You can also specify the blocking period.

        For more information, see Create an anti-DDoS protection policy.