After you buy and activate Anti-Bot, you must configure the Anti-Bot instance for the website domain name to protect against malicious bot traffic.

Note: Anti-Bot and WAF use the same forwarding configuration. Therefore, if you have purchased, activated, and configured WAF for your website domain name, you do not have to configure Anti-Bot for the website domain name. The website domain name is displayed in the Anti-Bot console and its source is displayed as Cloud Synchronization.

Prerequisites

Before connecting your website domain name to the Anti-Bot instance, ensure that you have the following:
  • The website domain name that must be protected against malicious bot traffic.
    Note: For Anti-Bot instances in Mainland China, the added website domain name must be filed to the Ministry of Industry and Information Technology of the People's Republic of China (MIIT) (ICP Filing is not required). For Anti-Bot instances outside China, no filing is required for website domain names.
  • The origin server IP address corresponding to the website domain name.
    Note: For one website domain name, Anti-Bot allows you to configure up to 20 IP addresses for the origin server.
  • If your website supports HTTPS services, the certificate and private key bound to the domain name.
  • Permission to edit the DNS resolution record of the website domain name. That is, ensure that you can modify the DNS resolution record in the console of the domain name's resolution service provider (such as HiChina, Xinnet, and DNSPod).

Procedure

  1. Log on to the Anti-Bot console, and select the region where your Anti-Bot instance is located.
  2. Go to the Domain Configuration page, and click Add Domain.
  3. Configure the website domain name, and click Next.
    Parameter descriptions:
    • Domain: The website domain name that you want to protect. You can enter a wildcard domain name, such as *.aliyundemo.cn. Anti-Bot automatically matches the second-level domain name of the wildcard domain name.
      Note: If you enter a wildcard domain name and an exact domain name at the same time, such as *.aliyundemo.cn and abc.aliyundemo.cn, Anti-Bot preferentially uses the routing algorithm and protection policy configured for the exact domain name.
    • Protocol: The protocol supported by the website. If your website supports HTTPS encrypted authentication, select the HTTPS protocol, and upload a certificate and a private key after adding the website. If HTTPS is selected, you can configure advanced settings to implement HTTP forcible redirection and HTTP back-to-origin to ensure smooth access.
    • Server Address: The IP address of the origin server corresponding to the website domain name. After Anti-Bot is configured for the website, Anti-Bot forwards the filtered access requests to the IP address of the origin server.
      • (Recommended) Select IP, and enter the IP address of the origin server (such as the IP address of the ECS or SLB instance). Then, Anti-Bot forwards requests to the IP address of the origin server. Up to 20 IP addresses can be configured for the origin server. If multiple back-to-origin IP addresses are configured, Anti-Bot automatically performs health checks and load balancing.
      • Select Other Address, and enter the back-to-origin domain name of the server (such as the CNAME record of the OSS instance). Then, Anti-Bot forwards requests to the domain name. The back-to-origin domain name of the server should be different from the website domain name.
    • Server Port: The origin port corresponding to the website domain name. After Anti-Bot is configured for the website, Anti-Bot forwards the filtered access requests to this port. For HTTP, the default port is port 80. For HTTPS, the default port is port 443. If you want to use another port, click Custom.
    • Layer-7 gateways are in use, such as Alibaba Cloud Anti-DDoS Pro or CDN: Select this option based on the actual website services. If you need to configure another Layer-7 gateway for the website for forwarding prior to Anti-Bot, select Yes. Otherwise, Anti-Bot cannot retrieve the actual IP addresses of clients that access the website.
    • Load balancing algorithm: If multiple IP addresses are configured for the origin server, select IP hash or Round-robin. Anti-Bot distributes access requests by using the selected algorithm to implement load balancing.


  4. Select a DNS resolution modification method for the domain name (manual modification or CDN-based modification), and click Next to add the domain name information.
    Note: We recommend that you configure the origin server of the website to allow the origin CIDR block of Anti-Bot and locally verify that the domain name forwarding configuration is effective before modifying DNS resolution for the domain name. This ensures that the access requests of the website can be properly forwarded to the origin server.


Retrieve the allocated CNAME address

After the domain name information of the website is added, Anti-Bot automatically allocates a CNAME record for the domain name. Once the website domain name resolves to the CNAME record, Anti-Bot forwards all access requests for the website to the origin server to implement security protection.
Note: You can ping the CNAME record allocated to the domain name to obtain the IP address that it resolves to. This IP address is also the allocated IP address of the Anti-Bot instance. The IP address of the Anti-Bot instance is relatively stable in normal cases.
Log on to the Anti-Bot console. On the Domain Configuration page, select the added website domain name, and hover over the Copy CNAME button to display the CNAME record that Anti-Bot allocated to the website domain name.
Note: Click Copy CNAME to copy the CNAME record to the clipboard.
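
The local verification recommended before the DNS change can be scripted. The following is an added example, not part of the original documentation: it requests the website domain name directly from the Anti-Bot IP address (the address the allocated CNAME resolves to) without touching public DNS and, for HTTPS, validates the served certificate against the domain name, so run the HTTPS check after the certificate upload described in the next section. `www.example.com` and `CNAME-FROM-CONSOLE.example` are placeholders.

```python
import socket
import ssl


def parse_status(reply):
    """Extract the numeric status code from the first line of an HTTP reply."""
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("peer did not answer with HTTP")
    return int(parts[1])


def probe(domain, antibot_ip, port=443, use_tls=True, timeout=5.0):
    """Request `domain` from `antibot_ip` directly, without touching DNS.

    Returns (status_code, cert_not_after); cert_not_after is None for HTTP.
    With TLS the served certificate is validated against `domain`, so a
    missing or mismatched certificate raises ssl.SSLError.
    """
    request = (f"HEAD / HTTP/1.1\r\nHost: {domain}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    sock = socket.create_connection((antibot_ip, port), timeout=timeout)
    not_after = None
    if use_tls:
        ctx = ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=domain)
        not_after = sock.getpeercert()["notAfter"]
    with sock:
        sock.sendall(request)
        reply = b""
        while b"\r\n" not in reply:  # only the status line is needed
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return parse_status(reply), not_after


if __name__ == "__main__":
    # Placeholders (assumptions): substitute your domain and the CNAME
    # copied from the Domain Configuration page.
    domain, cname = "www.example.com", "CNAME-FROM-CONSOLE.example"
    print(probe(domain, socket.gethostbyname(cname)))
```

For an HTTP-only website, call `probe(domain, ip, port=80, use_tls=False)`. Compare the returned status with what the origin server returns for the same request before changing the DNS record.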

Upload an HTTPS certificate and a private key (for HTTPS websites only)

If the added website supports HTTPS encrypted authentication and the HTTPS protocol is selected, you must upload the corresponding certificate and private key to the Anti-Bot console after the domain name is added. Otherwise, the website is inaccessible over HTTPS.

After the domain name information is added, the HTTPS status of the website domain name is displayed as Error on the Domain Configuration page, indicating that the current certificate is incorrectly configured.

Perform the following steps to upload a certificate and a private key for the website:
  1. Log on to the Anti-Bot console. On the Domain Configuration page, select the website domain name.
  2. Click Upload Certificate for the HTTPS status.
  3. In the Update Certificate dialog box, select Upload Method.
    • Select Manually Upload, set Certificate Name, and copy the contents of the certificate file and private key file bound to the website domain name to the Certificate File and Private Key File text boxes, respectively.
      Note: If the certificate is a commonly formatted certificate (such as in the .pem, .cer, or .crt format), you can directly open it in a text editor and copy the content. If the certificate is in another format (such as .pfx and .p7b), convert it to the .pem format, open the converted file in a text editor, and copy the content. For more information about how to convert the certificate file, see Convert an HTTPS certificate to the PEM format.
      Note: If the HTTPS certificate contains multiple certificate files (such as a certificate chain), you must merge the text contents of all the certificate files into one file and paste the merged file in the Certificate File text box.

      Sample content of a certificate file

      -----BEGIN CERTIFICATE-----
      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8ixZJ4krc+1M+j2kcubVpsE2
      cgHdj4v8H6jUz9Ji4mr7vMNS6dXv8PUkl/qoDeNGCNdyTS5NIL5ir+g92cL8IGOkjgvhlqt9vc
      65Cgb4mL+n5+DV9uOyTZTW/MojmlgfUekC2xiXa54nxJf17Y1TADGSbyJbsC0Q9nIrHsPl8YKk
      vRWvIAqYxXZ7wRwWWmv4TMxFhWRiNY7yZIo2ZUhl02SIDNggIEeg==
      -----END CERTIFICATE-----

      Sample content of a private key file

      -----BEGIN RSA PRIVATE KEY-----
      DADTPZoOHd9WtZ3UKHJTRgNQmioPQn2bqdKHop+B/dn/4VZL7Jt8zSDGM9sTMThLyvsmLQKBgQ
      Cr+ujntC1kN6pGBj2Fw2l/EA/W3rYEce2tyhjgmG7rZ+A/jVE9fld5sQra6ZdwBcQJaiygoIYo
      aMF2EjRwc0qwHaluq0C15f6ujSoHh2e+D5zdmkTg/3NKNjqNv6xA2gYpinVDzFdZ9Zujxvuh9o
      4Vqf0YF8bv5UK5G04RtKadOw==
      -----END RSA PRIVATE KEY-----
    • If the HTTPS certificate bound to the website domain name has been added to the certificate service of Alibaba Cloud Security under the Alibaba Cloud account for management, select Select Existing Certificates to select the certificate.
  4. Click Save. The certificate and private key bound to the domain name are uploaded, and the HTTPS status is updated to Normal.
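
The merge step for multi-file certificates and the copy-and-paste into the two text boxes are easy to get wrong, for example by pasting a key into the certificate box or carrying over the extra text lines that a .pfx conversion leaves around the PEM blocks. The following is an added example, not part of the original documentation: it merges certificate files into one normalized Certificate File text and checks the Private Key File text. The checks are structural only (they do not confirm that the key matches the certificate), and the file order and the rejection of encrypted keys are assumptions of this example.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
# Assumption of this example: only unencrypted key labels are accepted.
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, decoded_bytes)]; raises ValueError on bad base64."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]


def to_pem(label, data):
    """Re-encode one block with LF line ends and 64-character lines."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines,
                      f"-----END {label}-----", ""])


def merge_chain(*cert_files):
    """Build the Certificate File text; text outside PEM blocks is dropped."""
    # Assumed order: server certificate first (the page states no order).
    merged = []
    for text in cert_files:
        for label, data in pem_blocks(text):
            if label != "CERTIFICATE":
                raise ValueError(f"{label} must not go in Certificate File")
            merged.append(to_pem(label, data))
    if not merged:
        raise ValueError("no CERTIFICATE block found")
    return "".join(merged)


def check_key(text):
    """Return the label if the text holds exactly one unencrypted key."""
    labels = [label for label, _ in pem_blocks(text)]
    if len(labels) != 1 or labels[0] not in KEY_LABELS:
        raise ValueError(f"expected one private key block, found {labels}")
    return labels[0]


# Constructed sample input: placeholder payloads, not real certificates or keys.
LEAF = ("Bag Attributes\r\n    friendlyName: demo\r\n"
        + to_pem("CERTIFICATE", b"leaf-placeholder" * 6).replace("\n", "\r\n"))
INTERMEDIATE = to_pem("CERTIFICATE", b"intermediate-placeholder" * 5)
KEY = to_pem("RSA PRIVATE KEY", b"key-placeholder" * 6)
```

`merge_chain(LEAF, INTERMEDIATE)` returns the text to paste into Certificate File, and `check_key(KEY)` raises `ValueError` if the Private Key File text is anything other than a single unencrypted key block.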