Anti-DDoS:Use an Anti-DDoS Premium instance of the MCA mitigation plan

Procedure

1. Log on to the Anti-DDoS Pro console.
2. In the top navigation bar, select Outside Chinese Mainland.
   If you select this region, the Anti-DDoS Premium console appears.
3. Add your service to the Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan and to the Anti-DDoS Premium instance of the MCA mitigation plan.
   • You can add your website service on the Website Config page.
     In the left-side navigation pane, choose Provisioning > Website Config. On the Website Config page, click Add Domain. On the page that appears, configure the parameters to add your website service. For more information, see Add a website.

     Notice

     • When you configure the Instance parameter in the Enter Site information step, you must select both an Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan and an Anti-DDoS Premium instance of the MCA mitigation plan.
     • You need to only configure the parameters in the Enter Site information step. After your website service is added, you do not need to follow the instructions that are provided on the page to change the DNS record.
   • You can add your non-website service on the Port Config page.
     In the left-side navigation pane, choose Provisioning > Port Config. On the Port Config page, click Create Rule. In the dialog box that appears, configure the parameters to add your non-website service. For more information, see Manage forwarding rules.

     Notice

     • Before you add your non-website service to an Anti-DDoS Premium instance of the MCA mitigation plan, make sure that the service can be accessed by using domain names. If your non-website service can be accessed only by using IP addresses, you cannot add the service to an Anti-DDoS Premium instance of the MCA mitigation plan.
     • You must configure the same forwarding rules for both the Anti-DDoS Premium instance of the Insurance or Unlimited mitigation plan and the Anti-DDoS Premium instance of the MCA mitigation plan.
4. Create a network acceleration rule.
   In the left-side navigation pane, choose Provisioning > Sec-Traffic Manager. On the General tab of the Sec-Traffic Manager page, click Create Rule. In the dialog box that appears, configure the parameters to create a network acceleration rule. For more information, see Create a network acceleration rule.
   After the network acceleration rule is created, Anti-DDoS generates a CNAME. You need to only change the DNS record of your domain name to map the domain name to the CNAME.

   Notice The automatic traffic redirection is achieved based on the CNAME. Therefore, you must use the CNAME.
5. Change the DNS record of your domain name on the website of your DNS service provider.
   To allow the network acceleration rule to take effect, you must change the DNS record of your domain name on the website of the DNS service provider and map the domain name to the CNAME provided by Sec-Traffic Manager. If your DNS service is provided by Alibaba Cloud DNS, you need to only change the DNS record in the Alibaba Cloud DNS console.

   Notice After you change the DNS record of your domain name, the network acceleration rule takes effect. Before you change the DNS record, we recommend that you modify the hosts file on your computer to verify the network acceleration rule. This helps avoid incompatibility issues that are caused by inconsistent back-to-origin policies.

   For more information about how to verify network acceleration rules, see Verify the forwarding configurations on your local computer.

   For more information about how to change the DNS record of a domain name, see Change the CNAME record to redirect traffic to Sec-Traffic Manager.