All Products
Search
Document Center

Anti-DDoS:Configure health checks

Last Updated:Nov 07, 2023

Anti-DDoS Pro and Anti-DDoS Premium provide Layer 4 and Layer 7 health checks for protected non-website services. The health check feature is suitable for services that have more than one origin IP address. This feature is used to check the availability of the backend servers. After you add a port forwarding rule to Anti-DDoS Pro or Anti-DDoS Premium, you can enable the health check feature for the port forwarding rule.

Prerequisites

  • A port forwarding rule for a non-website service is configured on the Port Config page.

    For more information, see Manage port forwarding rules.

  • The origin IP addresses are configured in the port forwarding rule.

    Important

    If you configure only one origin IP address in a port forwarding rule, we recommend that you do not enable the health check feature.

Background information

The health check feature is suitable for services that have more than one origin IP address. When Anti-DDoS Pro or Anti-DDoS Premium forwards traffic to backend servers, this feature verifies the availability of the backend servers. Therefore, traffic is forwarded to healthy backend servers to ensure that the services properly run. For more information, see Health check overview.

Enable the health check feature

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. On the Port Config page, select the instance, find the port forwarding rule that you want to manage, and then click Configure in the Health Check column.

    Note

    To configure the health check feature for more than one port forwarding rule at a time, you can select the rules and choose Batch Operations > Add Session and Health Check Settings. For more information, see Configure session persistence and health checks for more than one rule at a time.

  5. In the Health Check dialog box, configure the parameters and click OK.

    Anti-DDoS Pro or Anti-DDoS Premium allows you to configure Layer 4 and Layer 7 health checks. The following table describes the parameters.

    Note

    You can configure advanced options for Layer 4 and Layer 7 health checks. You must click Advanced Settings to show advanced options. We recommend that you do not modify the advanced options.

    Type

    Parameter

    Description

    Layer 4 Health Check

    Health Check Port

    The port that the health check feature uses to communicate with the backend server. Valid values: 1 to 65535. By default, the backend port configured for a listener is used.

    Note

    The Layer 4 health check is suitable for TCP and UDP forwarding rules.

    Layer 7 Health Check

    Domain Name and Health Check Path

    During a Layer 7 health check, Anti-DDoS Pro or Anti-DDoS Premium sends an HTTP HEAD request to the default homepage of the origin server.

    Note

    The Layer 7 health check is suitable for only TCP forwarding rules.

    If you do not want to use the default homepage of the origin server for health checks, you must specify a domain name and a path of the page that you want to check.

    If you have limited the host field for the HTTP HEAD request, you need to only specify a URI for health checks. The Domain Name parameter is optional. The default value is the IP address of the backend server.

    Health Check Port

    The port that the health check feature uses to communicate with the backend server. Valid values: 1 to 65535. By default, the backend port configured for a listener is used.

    Advanced Settings

    Response Timeout Period

    The timeout period of a health check. Valid values: 1 to 30. Unit: seconds. If the backend server does not respond within the specified timeout period, the backend server is declared as unhealthy.

    Health Check Interval

    The interval between two consecutive health checks. Valid values: 1 to 30. Unit: seconds.

    Note

    Each scrubbing node in the Anti-DDoS Pro or Anti-DDoS Premium cluster performs health checks on backend servers at the specified interval independently and concurrently. The scrubbing nodes may perform health checks on the same backend server at different points in time. Therefore, the health check records on the backend server do not indicate the time interval specified for the health check.

    Unhealthy Threshold

    The number of consecutive failed health checks performed on a backend server by the same scrubbing node before the backend server is declared as unhealthy. Valid values: 1 to 10.

    Healthy Threshold

    The number of consecutive successful health checks performed on a backend server by the same scrubbing node before the backend server is declared as healthy. Valid values: 1 to 10.

    After the health check feature is enabled, Enabled appears in the Health Check column for the port forwarding rule.

Configure session persistence and health checks for more than one port forwarding rule

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. On the Port Config page, select the instance that you want to manage and choose Batch Operations > Add Session and Health Check Settings.

  5. In the Add Session and Health Check Settings dialog box, enter the required information as shown in the sample file and click OK.

    Note

    You can export health check settings to a TXT file, modify the settings in the TXT file, and then copy and paste the settings to the Add Session and Health Check Settings dialog box. For more information, see Export configurations of multiple websites.

    The formats of session persistence and health check settings must meet the following requirements:

    • Each line represents a forwarding rule.

    • From left to right, the fields in each port forwarding rule indicate the following parameters: forwarding port, forwarding protocol, session persistence timeout period, health check type, port, response timeout period, check interval, unhealthy threshold, healthy threshold, health check path, and domain name. The supported forwarding protocols are TCP, HTTP, and UDP. The session persistence timeout period is measured in seconds, and the valid value ranges from 30 to 3600. Fields are separated by spaces.

    • Port forwarding ports must be the ports that are specified in port forwarding rules.

    • If a port forwarding rule uses UDP, we recommend that you configure a UDP health check. If a port forwarding rule uses TCP, we recommend that you configure a TCP health check (Layer 4 health check) or HTTP health check (Layer 7 health check).

    • If you configure an HTTP health check, the Health Check Path parameter is required, but the Domain Name parameter is optional.