Anti-DDoS Pro and Anti-DDoS Premium provide Layer 4 and Layer 7 health checks for protected non-website services. The health check feature is suitable for any service that has multiple origin server IP addresses and needs to check the availability of the origin servers. After you add forwarding rules to an Anti-DDoS Pro or Anti-DDoS Premium instance and use the instance to protect a non-website service, you can configure session persistence or health checks for a specific rule or multiple rules at a time. This topic describes how to configure a health check.

Prerequisites

You have created port forwarding rules. For more information, see Create a rule.

Background information

The health check feature is suitable for any service that has multiple origin server IP addresses. When Anti-DDoS Pro or Anti-DDoS Premium forwards traffic to origin servers, health checks are used to verify the availability of origin servers. Traffic is forwarded to the healthy origin servers to make sure that the service runs properly. If you configure only one origin server IP address in a port forwarding rule, we recommend that you do not enable the health check feature. For more information, see Health check overview.

The port configuration feature of Anti-DDoS Pro and Anti-DDoS Premium provides protection against DDoS attacks based on IP addresses and ports. The health check feature is available to all IP addresses and ports that are protected by Anti-DDoS Pro or Anti-DDoS Premium instances. You can configure health checks for forwarding ports of Anti-DDoS Pro or Anti-DDoS Premium instances.

Anti-DDoS Pro and Anti-DDoS Premium allow you to configure Layer 4 and Layer 7 health checks. The following table describes the parameters.

Note For advanced settings, click Advanced Settings. We recommend that you use the default settings. You can configure advanced settings for Layer 4 and Layer 7 health checks. Both health checks have the same parameters.
Type Parameter Description
Layer 4 Health Check Port The port that is used to access the origin servers during health checks. The valid value ranges from 1 to 65535. By default, the backend port configured for the listener is used.
Note The Layer 4 health check is suitable for TCP and UDP forwarding rules.
Layer 7 Health Check Domain and Path. During a Layer 7 health check, the Anti-DDoS Pro or Anti-DDoS Premium forwarding system sends an HTTP HEAD request to the default homepage of the origin server.
Note The Layer 7 health check is suitable only for TCP forwarding rules and HTTP health checks.
  • If you do not want to use the default homepage of the origin server for health checks, you must specify a domain name and path of the page that you want to check.
  • If you have limited the host field for the HTTP HEAD request, you only need to specify the URI for health checks. The Domain parameter is optional and set to the domain name of the origin server by default.
Port The port that is used to access the origin servers during health checks. The valid value ranges from 1 to 65535. By default, the backend port configured for the listener is used.
Advanced Settings Response Timeout Period The timeout period of a health check. The valid value ranges from 1 to 30 seconds. If the origin server does not respond within the specific timeout period, the origin server is unhealthy.
Check Interval The time interval between two health checks. The valid value ranges from 1 to 30 seconds.
Note Each scrubbing node in a cluster performs health checks on origin servers at specific intervals independently and concurrently. Scrubbing nodes may perform health checks on the same origin server at different times. Therefore, the health check records on the origin server do not indicate the time interval specified for the health check.
Unhealthy Threshold The number of consecutive failed health checks performed by the same scrubbing node that must occur before an origin server is declared unhealthy. The valid value ranges from 1 to 10.
Healthy Threshold The number of consecutive successful health checks performed by the same scrubbing node that must occur before an origin server is declared healthy. The valid value ranges from 1 to 10.

Configure a health check for a port

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the target instance, find the target forwarding rule, and click Change in the Health Check column.
    Note You can also configure session persistence or health checks for multiple rules at a time. For more information, see Configure session persistence or health checks for multiple rules.
    Configure the health check
  5. In the Health Check dialog box, set the parameters and click Complete. For more information about the parameters, see Health check parameters.Configure the health check

Configure session persistence or health checks for multiple rules

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region of your Anti-DDoS instance.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the target instance, click Batch Operations below the rule list, and select Session Persistence/Health Check Settings.
  5. In the Create Session/Health Settings dialog box, enter the required information and click Create.Create Session/Health Settings dialog box
    Note You can export health check settings to a TXT file, modify the settings in the TXT file, and then copy and paste the settings to the Create Session/Health Settings dialog box. In the TXT file, keep the settings of all rules in the same format. For more information, see Export multiple port configurations.

    The formats of session persistence and health check settings are described as follows:

    • Enter the session persistence and health check settings of each forwarding rule in each row.
    • Health check settings include the following fields left to right: forwarding port, forwarding protocol (TCP or UDP), session persistence period, health check type, port, response timeout period, check interval, unhealthy threshold, healthy threshold, path, and domain. The session persistence period is measured in seconds, and the valid value ranges from 30 to 3600. Fields are separated with spaces. For more information about the fields, see Health check parameters.
    • The forwarding port must be specified in forwarding rules.
    • Health check types include TCP, HTTP, and UDP. If a forwarding rule uses UDP, we recommend that you configure a UDP health check. If a forwarding rule uses TCP, we recommend that you configure a TCP health check (Layer 4 health check) or HTTP health check (Layer 7 health check).
    • If you configure an HTTP health check, the Path parameter is required, but the Domain parameter is optional.