Anti-DDoS: Modify the CNAME to protect a non-website service

Last Updated: Apr 01, 2024

To add a non-website service to Anti-DDoS Proxy for protection, you must create port forwarding rules and change the IP address of the service to the IP address of an Anti-DDoS Proxy instance. In some scenarios, you may need to add Layer 4 services to multiple Anti-DDoS Proxy instances by using domain names and set up an automatic mechanism to switch service traffic among the instances. In these scenarios, we recommend that you add the domain name of your service to Anti-DDoS Proxy and modify the CNAME of the domain name.

Background information

This example shows how to add a gaming service to Anti-DDoS Proxy. The domain name of the service is demo.aliyundoc.com, the service uses TCP ports 1234 and 5678, and the origin IP address is 1.1.XX.XX.

Procedure

  1. Add the website that you want to protect and obtain the CNAME that is assigned to the website.

    1. Log on to the Anti-DDoS Proxy console.

    2. In the top navigation bar, select the region of your instance.

      • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Proxy (Chinese Mainland) instance, select Chinese Mainland.

      • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Proxy (Outside Chinese Mainland) instance, select Outside Chinese Mainland.

    3. In the left-side navigation pane, choose Provisioning > Website Config.

    4. On the Website Config page, click Add Website. Configure the parameters and click Add.

      • Function Plan and Instance: Select the Anti-DDoS Proxy instance with which you want to associate the domain name. In this example, the domain name is associated with two instances that use the Enhanced function plan.

      • Websites: Enter the domain name of the website. In this example, the domain name is demo.aliyundoc.com.

      • Protocol Type and Server Port: Use the default values.

      • Server Address: Select Origin IP Address and enter the IP address of the origin server.

        • If the domain name provides website services, you must specify the actual protocol and origin IP address.

        • If the domain name does not provide website services, you can enter any IP address. User traffic is forwarded by the port forwarding rules that you create in Step 2.

      For more information, see Add one or more websites.

    After you add a domain name, Anti-DDoS Proxy assigns a CNAME to the domain name.

  2. Create a port forwarding rule.

    1. In the left-side navigation pane, choose Provisioning > Port Config.

    2. On the Port Config page, select the instance that you want to manage and click Create Rule.

      Note

      Select one of the instances that you associated with the domain name in Step 1. In this example, select one of the two instances.

    3. In the Create Rule dialog box, configure the parameters and click OK.

      • Forwarding Protocol: Select TCP.

      • Redirection Port: Enter 1234.

      • Origin Server Port: Enter 1234.

      • Origin IP Address: Enter 1.1.XX.XX. This parameter specifies the origin IP address.

      For more information, see Configure port forwarding rules.

    4. Repeat the preceding two steps to create another port forwarding rule for the instance. In this rule, set both the forwarding port and origin server port to 5678.

    5. Repeat the previous three steps to create port forwarding rules for the other Anti-DDoS Proxy instances.

  3. Go to the DNS provider that hosts the domain name demo.aliyundoc.com and modify the DNS record. Use a CNAME record to map the domain name to the CNAME obtained in Step 1.
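
A check you can run after Step 3, as an added example that is not part of the original documentation: it parses `dig +noall +answer` output to confirm that the domain is now a CNAME to the assigned value and no longer resolves to the origin address, and it confirms that every associated instance carries a rule for both ports. The CNAME, IP addresses, instance names and the rule tuple layout are constructed placeholders, because the page does not give these values.

```python
def parse_dig_answer(text):
    """Parse `dig +noall +answer` lines (name TTL class type rdata) into tuples."""
    rows = [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith(";")]
    return [(p[0].rstrip(".").lower(), p[3].upper(), p[4].rstrip(".").lower())
            for p in rows if len(p) >= 5]

def check_cutover(dig_text, domain, proxy_cname, origin_ip):
    """Return DNS problems; an empty list means the CNAME change is in effect."""
    domain, proxy_cname = domain.rstrip(".").lower(), proxy_cname.rstrip(".").lower()
    records = parse_dig_answer(dig_text)
    problems = []
    targets = [r for n, t, r in records if n == domain and t == "CNAME"]
    if targets != [proxy_cname]:
        problems.append(f"{domain} CNAME is {targets or 'missing'}, expected {proxy_cname}")
    if any(n == domain and t in ("A", "AAAA") for n, t, _ in records):
        problems.append(f"{domain} still has a direct address record")
    if any(t == "A" and r == origin_ip for _, t, r in records):
        problems.append(f"answer still contains origin IP {origin_ip}")
    return problems

def check_rules(rules_by_instance, ports, origin_ip):
    """Return instances missing a TCP rule (port -> origin_ip:port) for any port."""
    problems = []
    for instance, rules in sorted(rules_by_instance.items()):
        for port in ports:
            if ("TCP", port, origin_ip, port) not in set(rules):
                problems.append(f"{instance}: no TCP rule {port} -> {origin_ip}:{port}")
    return problems

# Constructed sample data: placeholders, not values from the page.
ORIGIN_IP = "192.0.2.10"                      # stands in for 1.1.XX.XX
PROXY_CNAME = "assigned-cname.example.net"    # stands in for the CNAME from Step 1
GOOD_DIG = """\
demo.aliyundoc.com.          600 IN CNAME assigned-cname.example.net.
assigned-cname.example.net.  60  IN A     203.0.113.5
"""
STALE_DIG = "demo.aliyundoc.com. 600 IN A 192.0.2.10\n"
RULES = {  # (protocol, redirection port, origin IP, origin server port) per instance
    "instance-1": [("TCP", 1234, ORIGIN_IP, 1234), ("TCP", 5678, ORIGIN_IP, 5678)],
    "instance-2": [("TCP", 1234, ORIGIN_IP, 1234)],  # rule for 5678 was never created
}

if __name__ == "__main__":
    print(check_cutover(STALE_DIG, "demo.aliyundoc.com", PROXY_CNAME, ORIGIN_IP))
    print(check_rules(RULES, [1234, 5678], ORIGIN_IP))
```

To use it against live data, pass the text printed by `dig +noall +answer demo.aliyundoc.com` as `dig_text` and fill `RULES` from the Port Config page of each instance.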