Add a website

Website configurations define how Anti-DDoS Pro or Anti-DDoS Premium forwards the inbound traffic of a protected website. To use Anti-DDoS Pro or Anti-DDoS Premium for website protection, you must add the website to Anti-DDoS Pro or Anti-DDoS Premium. You can add multiple websites at a time. This topic describes how to add a website and how to import multiple website configurations to Anti-DDoS Pro or Anti-DDoS Premium at a time.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase Anti-DDoS Pro or Anti-DDoS Premium instances.

Differences of website configurations between Anti-DDoS Pro and Anti-DDoS Premium

Notice In the top navigation bar of the Anti-DDoS Pro or Anti-DDoS Premium console, you can switch the region (Mainland China and Outside Mainland China), and the system switches between Anti-DDoS Pro and Anti-DDoS Premium accordingly for you to manage and configure Anti-DDoS Pro or Premium instances. Ensure that you switch to the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

The following table describes the feature differences between Anti-DDoS Pro and Anti-DDoS Premium.


Feature	Description	Anti-DDoS Pro	Anti-DDoS Premium
Enable HTTP/2	You can enable this feature for websites associated with Anti-DDoS Pro or Anti-DDoS Premium instances that use the enhanced function plan. After the feature is enabled, the protocol version is HTTP 2.0.	Supported	Not supported
CNAME Reuse	After the feature is enabled, domain names hosted by the same server are associated with the CNAME record assigned by Anti-DDoS Pro or Anti-DDoS Premium. For more information, see CNAME reuse.	Not supported	Supported

Log on to the Anti-DDoS Pro console.
In the top navigation bar, select the region of your Anti-DDoS instance.
- Mainland China: Anti-DDoS Pro
- Outside Mainland China: Anti-DDoS Premium
In the left-side navigation pane, choose Provisioning > Website Config.
On the Website Config page, click Add Domain.

Note You can import multiple website configurations at a time. For more information, see Import multiple website configurations at a time.

On the Add Domain wizard, set the parameters in the Enter Site Information step and click Add. Website configuration


Parameter	Description
Function Plan	The function plan of the instance that you want to use to protect the website. Valid values: Standard Enhanced Note For more information, see Function plan.
Instance	The instance that you want to use to protect the website. You can select up to eight instances for one domain name. The instances used to protect the same domain name must use the same function plan. Note The available instances are displayed after you select a function plan. If no instance is available, no instance uses the selected function plan. In this case, you can purchase an instance or upgrade the standard function plan to the enhanced function plan. For more information, see Upgrade the specifications of an Anti-DDoS Pro or Anti-DDoS Premium instance.
Domain	Enter the domain of the website that you want to protect. Note A domain name can contain letters, digits, and hyphens (-). It must start with a letter or digit. Domain names are not case sensitive. You can enter wildcard domains, such as `.aliyun.com`. Anti-DDoS Pro or Anti-DDoS Premium protects the subdomains of wildcard domains. If you specify a domain name and its wildcard domain, such as `www.aliyun.com` and `.aliyun.com`, the forwarding rules and protection policies configured for the domain name supersede those configured for the wildcard domain.
Protocol	The protocols that the website supports. Valid values: HTTP (selected by default) HTTPS (selected by default) Websocket Websockets Note If your website supports HTTPS, you must select HTTPS. You can select other protocols that your website supports as required.
Enable HTTP/2	Specifies whether to enable HTTP 2.0 when the website is protected by an Anti-DDoS Pro instance that uses the enhanced function plan. After the feature is enabled, the protocol version is HTTP 2.0. Note This feature is available only for Anti-DDoS Pro.
Server IP	The address type of the origin server. You must enter the address after you specify the address type. The address type can be Origin Server IP or Origin Server Domain. Origin Server IP: You can specify up to 20 IP addresses. If multiple IP addresses of an origin server are specified, Anti-DDoS Pro or Anti-DDoS Premium uses IP Hash load balancing to forward network traffic to the origin server. Origin Server Domain: If you want to use both Anti-DDoS Pro or Anti-DDoS Premium and web application firewall (WAF), select Origin Server Domain and enter the CNAME record provided by your WAF instance. This provides enhanced protection for your website.
Server Port	The server port that is specified based on the selected protocol. Note The forwarding port must be the same as the origin server port. If HTTP or Websocket is selected, this parameter is set to 80 by default. If HTTPS or Websockets is selected, this parameter is set to 443 by default. Note HTTP 2.0 ports are the same as HTTPS ports. To add custom ports, you can click Custom and select ports other than the default ones. Instances that use the standard function plan support HTTP port 80, WebSocket port 8080, HTTPS port 443, and WebSockets port 8443. Instances that use the enhanced function plan support specific non-standard ports. For more information, see Specify non-standard ports for protection.
CNAME Reuse	Specifies whether to enable CNAME reuse. After CNAME reuse is enabled, you can associate the domain names hosted by the same server with the CNAME record assigned by Anti-DDoS Premium. For more information, see CNAME reuse. Note This feature is available only for Anti-DDoS Premium.

After you add a website, click Website List. Then, you can view the added website configuration and its CNAME record on the Website Config page.

Import multiple website configurations at a time

Log on to the Anti-DDoS Pro console.
In the top navigation bar, select the region of your Anti-DDoS instance.
- Mainland China: Anti-DDoS Pro
- Outside Mainland China: Anti-DDoS Premium
In the left-side navigation pane, choose Provisioning > Website Config.
On the Website Config page, click Batch Domains Import.
In the Add Multiple Rules pane, enter the information of the websites that you want to add and click Next.
You can edit the information of the websites that you want to add in an XML file and then copy the content into the field. For more information about the format of the file, see Website configurations in an XML file.

If the content of the XML file is valid, the file is parsed into the configurations of the websites that you want to add.
In the Import Rule pane, select the websites that you want to add and click OK.
After the configurations are imported, close the The rules have been created pane.

What to do next

Anti-DDoS Pro or Anti-DDoS Premium assigns a CNAME record to each added website. You can modify the DNS records to associate the CNAME record of the instance with the website. We recommend that you use a local machine to verify that the traffic forwarding settings have taken effect before you switch your service traffic to an instance. For more information, see Verify the forwarding configuration on your local machine.

Notice If you switch your service traffic to an instance before the forwarding settings take effect, your service may be interrupted.

After you add the website to Anti-DDoS Pro or Anti-DDoS Premium, you can perform the following operations on the Website Config page:

If security software such as firewalls is deployed on the origin server, you must add the back-to-origin IP addresses of Anti-DDoS Pro or Anti-DDoS Premium to the whitelist of the origin server. For more information, see Allow back-to-origin IP addresses to access the origin server.
If the website provides services over HTTPS, you must upload an SSL certificate. For more information, see Upload an SSL certificate.
If the website provides services over HTTPS and is protected by an instance that uses the enhanced function plan, you can customize a TLS security policy. For more information, see Create a custom TLS policy.
Configure Layer 7 anti-DDoS protection for the website, such as anti-DDoS protection policies, HTTP flood protection policies, and network acceleration policies. For more information, see Configure protection policies.
Edit or delete a website configuration. For more information, see Edit a website configuration and Delete a website configuration.
Export multiple website configurations at a time. For more information, see Export multiple website configurations at a time.
If the origin server is deployed on an ECS instance, and the IP address of the origin server is exposed, we recommend that you change the public IP address of the ECS instance. This prevents attackers from bypassing Anti-DDoS Pro or Anti-DDoS Premium and launching attacks against the origin server. For more information, see Change the public IP address of an ECS origin server.