This topic describes how to configure Server Load Balancer (SLB) and Anti-DDoS Origin to protect a website that is hosted on an Elastic Compute Service (ECS) instance. This combination provides better protection than Anti-DDoS Origin Enterprise alone.
- Create an Internet-facing SLB instance.For more information, see Create an SLB instance.When you create an Internet-facing SLB instance, note the following points:
After an Internet-facing SLB instance is created, you can obtain the IP Address of the SLB instance on the Instances page in the SLB console.
- SLB does not support cross-region deployment. Make sure that the ECS instance and the SLB instance are in the same region.
- Anti-DDoS Origin provides protection only for Alibaba Cloud services that have public IP addresses. Therefore, you must create an Internet-facing SLB instance.
- Configure the Internet-facing SLB instance.For more information, see Configure an SLB instance.When you configure the Internet-facing SLB instance, note the following points:
Note The Internet-facing SLB instance communicates with the backend ECS instance over the internal network. Therefore, we recommend that you disable Internet access to the backend ECS instance after you configure the SLB instance. Make sure that the SLB instance functions properly.After the SLB instance is configured, the SLB instance forwards requests from a client to the backend ECS instance based on the existing configurations.
- In the Protocol and Listener step, specify only the listening protocol and ports that are required. You can select TCP, UDP, HTTP, or HTTPS. Traffic whose protocol and port are not specified in the SLB listener is discarded and not forwarded to the backend ECS instance.
- In the Backend Servers step, select the instance where your website is hosted.
- Change the DNS settings.
- If your website is accessed by using its IP address, you can add the IP address of the Internet-facing SLB instance obtained in Step 1 as the IP address of your website. In this case, you do not need to change the DNS settings.
- If your website is accessed by using its domain name, you must resolve the domain name to the IP address of the SLB instance obtained in Step 1. For more information, see Resolve a domain name.
- Add the IP address of the SLB instance to the Anti-DDoS Origin Enterprise instance
for protection.For more information, see Add a cloud service to Anti-DDoS Origin Enterprise for protection.After you add the IP address of the SLB instance, the Anti-DDoS Origin Enterprise instance provides unlimited protection. The Anti-DDoS Origin Enterprise instance automatically scrubs service traffic to mitigate DDoS attacks.