Create a Sec-MCA rule - Anti-DDoS Pro & Premium User Guide| Alibaba Cloud Documentation Center

To add a Sec-MCA rule, you must purchase an Anti-DDoS Premium Insurance or Unlimited instance and an Anti-DDoS Premium Sec-MCA instance. You can direct traffic from all ISPs in mainland China (excluding China Mobile) to the IP address of the Sec-MCA instance and direct traffic from China Mobile and regions outside mainland China to the IP address of the Anti-DDoS Premium instance.

Prerequisites

A Sec-MCA instance is purchased, and your service is added to the instance. For more information, see Purchase a Sec-MCA plan for an Anti-DDoS Premium instance and Configure Anti-DDoS Premium Sec-MCA.

Note You only need to add your service to the Sec-MCA instance and do not need to modify DNS records of the domain name.
An Anti-DDoS Premium Insurance or Unlimited instance is purchased, and your service is added to the Anti-DDoS Premium Insurance or Unlimited instance. For more information, see Purchase an insurance plan or unlimited plan for an Anti-DDoS Premium instance and Add a website (website service) and Create forwarding rules (non-website service).

Notice The bandwidth and queries per second (QPS) of the Anti-DDoS Premium Insurance or Unlimited instance must meet protection requirements of your service. This ensures that the instance can process service traffic after the traffic is switched to the Anti-DDoS Premium Insurance or Unlimited instance.
The Anti-DDoS Premium Insurance or Unlimited instance can forward traffic as expected. For more information, see Verify the forwarding configuration on your local machine.

Background information

Sec-MCA accelerates service access in scenarios where your service is deployed outside mainland China but your users reside in mainland China. It also mitigates volumetric DDoS attacks on the networks of ISPs in mainland China, excluding China Mobile.

If you want to provide quick and stable access for all users, including users in and outside mainland China and users from various ISPs, such as China Unicom and China Mobile, you can use the Sec-MCA instance together with the Anti-DDoS Premium Insurance or Unlimited instance.

For more information, see Configure Anti-DDoS Premium Sec-MCA.

Procedure

Log on to the Anti-DDoS Pro console.
In the top navigation bar, select Outside Mainland China.
If you select this region, the Anti-DDoS Premium console appears.
In the left-side navigation pane, choose Provisioning > Sec-Traffic Manager.
On the General tab, click Create Rule.

In the Create Rule pane, configure a Sec-MCA rule and click Next.


Parameter	Description
Interaction Scenario	Select Sec-MCA.
Name	Specify the name of the rule. The rule name can be up to 128 characters in length and can contain letters, digits, and underscores (_).
Sec-MCA	Select the IP address of the Sec-MCA instance.
Anti-DDoS Premium	Select an Anti-DDoS Pro or Anti-DDoS Premium instance.

After the rule is created, Sec-Traffic Manager assigns a CNAME address for the rule. You can view the created rule and CNAME address in the rule list.

Modify the DNS records.
Modify the DNS records of your domain name on the website of the DNS service provider to point the domain name to the CNAME address provided by Sec-Traffic Manager. For more information, see Change the CNAME record to redirect traffic to Sec-Traffic Manager.

What to do next

Edit an interaction rule: On the General tab, find the rule that you want to edit and click Edit in the Actions column. You can modify parameters except Interaction Scenario and Name.
Delete an interaction rule: On the General tab, find the rule that you want to delete and click Delete in the Actions column.

Warning Before you delete an interaction rule, make sure that the service traffic is no longer directed to the CNAME address assigned by Sec-Traffic Manager. Otherwise, your service becomes unavailable after you delete the rule.