After you add a domain name or a port to an instance, Anti-DDoS Pro or Anti-DDoS Premium forwards the packets received by the port to the port of the origin server. To ensure service stability, we recommend that you verify whether the forwarding configuration takes effect on your local machine before the inbound traffic is rerouted to Anti-DDoS Pro or Anti-DDoS Premium. This topic describes how to verify the configuration.

Prerequisites

Background information

To protect a service that is associated by using a domain name instead of an IP address, you must add a website to Anti-DDoS Pro or Anti-DDoS Premium. After you add a website configuration, you can modify the hosts file or use the CNAME record of Anti-DDoS Pro or Anti-DDoS Premium to connect to the server and check whether the forwarding configuration takes effect.

Requests to access Layer 4 services, such as games, are processed by using IP addresses instead of domain names. You must add port forwarding rules to Anti-DDoS Pro or Anti-DDoS Premium to protect these services. Then, you can verify the forwarding configuration by using the IP address of Anti-DDoS Pro or Anti-DDoS Premium to access the server.

Notice If you switch your service traffic to Anti-DDoS Pro or Anti-DDoS Premium before the forwarding configuration takes effect, your services may be interrupted.

Modify the local hosts file

  1. Modify the hosts file to reroute the inbound traffic of the protected website to Anti-DDoS Pro or Anti-DDoS Premium. The following procedure shows how to modify the hosts file on a Windows server.
    1. Find the hosts file, which is typically stored in C:\Windows\System32\drivers\etc\.
    2. Open the hosts file by using a text editor.
    3. Add the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance and the protected domain name at the end of the file.
      Assume that the IP address of the instance is 180.xx.xx.173 and the domain name is www.aliyundemo.com. You must add 180.xx.xx.173 www.aliyundemo.com at the end of the file.hosts
    4. Save the file.
  2. Ping the IP address of the protected domain name from your local machine.
    The IP address of the domain name is expected to be resolved into the IP address of the instance in the hosts file. If the domain name is still resolved into the IP address of the origin server, refresh the local DNS cache by running ipconfig/flushdns in the CLI.
  3. After you verify that the IP address of the protected domain name is resolved to the IP address of the instance, try to access the service by using the domain name. If you can access the service, the configuration has taken effect.

Use the CNAME record assigned by Anti-DDoS Pro or Anti-DDoS Premium to access the origin server

If the client allows users to enter the domain name of the origin server, replace the domain name with the CNAME record assigned by Anti-DDoS Pro or Anti-DDoS Premium and check whether the origin server can be accessed.
Note After you add a domain name for protection, Anti-DDoS Pro or Anti-DDoS Premium assigns a CNAME record to the domain name. You can view the CNAME record on the Website Config page.

If the client cannot connect to the service, check whether the prerequisites are met. If the fault persists, contact Alibaba Cloud technical support.

Use the IP address of the instance to access the origin server

Assume that the IP address of the instance is 99.99.99.99, the forwarding port is 1234, the IP address of the origin server is 11.11.11.11, and the port of the origin server is 1234.

If you can use telnet commands to access the IP address of the instance by using port 1234, the forwarding rule has taken effect.

If the client allows users to enter the IP address of the origin server, you can enter the IP address of the instance for verification.