Non-website service provisioning with CNAME - Anti-DDoS Pro Service (Old)| Alibaba Cloud Documentation Center

This article takes an example to describe how to connect your layer-4 service to Anti-DDoS Pro by using CNAME resolution.

In most cases, you can directly specify the clients to access the Anti-DDoS Pro IP address for layer-4 access (non-web service protection). However, in some cases, you may need to use a domain name to connect your layer-4 service to Anti-DDoS Pro. In such cases, you can add a layer-7 domain name, and use the same CNAME to resolve the domain name to the different Anti-DDoS Pro lines for CNAME auto scheduling.

Assume that you want the traffic accessing the game server domain name (game.aliyundemo.com) to be redirected to your Anti-DDoS Pro IP address, the game’s TCP ports are 1234 and 5678, and the origin site IP address is 1.1.1.1.

Step 1: Add the domain name to Web Service to obtain the CNAME.

Log on to the Anti-DDoS Pro console, and go to the Access > Web Service page. Click Add Domain to add game.aliyundemo.com under protection. When selecting ISP line, assign China Telecom, China Unicom, and BGP lines at the same time to the domain name so that Anti-DDoS Pro IP addresses on different lines use the same CNAME.

Note If this domain name does not relate to a real website business, you can select whatever Protocol and enter anything in Origin site IP. Because this rule does not affect the Port 1234 and Port 5678 that are required by the actual business. Access requests sent to these two ports are forwarded to the Anti-DDoS Pro IP addresses by the following Non-Web Service forwarding rules in Step 2.

If this domain name relates to a real website business, you must specify the correct protocol type and origin site IP. This CNAME can also be used in domain name resolution for layer-4 service protection.

Step 2: Configure a forwarding rule under Non-Web Service.

Follow Non-website access to configure two forwarding rules for the TCP ports 1234 and 5678.

You can use the Export Rules and Add batch rules functions to facilitate the operations.

Note You must configure the corresponding non-website forwarding rules for all the Anti-DDoS Pro IP addresses enabled in Step 1.

Step 3: Update the DNS settings of the domain name

Go to your DNS service provider to add a CNAME record for game.aliyundemo.com, resolving it to the CNAME generated in Step 1.

When the procedure is complete, requests from clients can be intelligently resolved to the Anti-DDoS Pro IP addresses based on their network types. Anti-DDoS Pro can then correctly forward requests sent from the clients to origin based on the layer-4 forwarding configuration.

Additionally, you can enable CNAME Auto switch for layer-4 services on the Web Service page.