To use Anti-DDoS Pro or Anti-DDoS Premium to protect your non-website services, such
as client-based games, mobile games, or apps, you must create forwarding rules on
the Port Config page. You can configure DDoS mitigation settings for the forwarding
rules that are created for Layer 4 services on the Port Config page. DDoS mitigation
settings include session persistence, health check, and DDoS mitigation policies.
Create a forwarding rule
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Mainland China: If you select this region, the Anti-DDoS Pro console appears.
- Outside Mainland China: If you select this region, the Anti-DDoS Premium console appears.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Port Config page, select the instance that you want to manage and click Create Rule.

If the

icon is displayed next to a protocol in the
Forwarding Protocol column of a forwarding rule, the forwarding rule was automatically generated when
you added a website. This forwarding rule is used to forward the traffic of website
services. For more information about how to add a website, see
Add a website.
- If you specify port 80 for the origin server when you add a domain name to your instance,
Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This
forwarding rule is used to forward TCP traffic to the origin server over port 80.
- If you specify port 443 for the origin server when you add a domain name to your instance,
Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This
forwarding rule is used to forward TCP traffic to the origin server over port 443.
If Anti-DDoS Pro and Anti-DDoS Premium automatically generate the preceding forwarding
rules when you add another website, Anti-DDoS Pro and Anti-DDoS Premium do not generate
the forwarding rules again.
Note You cannot edit or delete rules that are automatically generated. If the websites
that use these rules are disassociated from your instance, the rules are automatically
deleted.
- In the Create Rule dialog box, configure the parameters and click OK.

Parameter |
Description |
Forwarding Protocol |
The protocol that you want to use to forward traffic. Valid values: TCP and UDP.
|
Forwarding Port |
The port that you want to use to forward traffic.
Note
- We recommend that you specify the same value for both Forwarding Port and Origin Server Port.
- To prevent domain owners from creating their own DNS servers, Anti-DDoS Pro and Anti-DDoS
Premium do not protect services that use port 53.
- You cannot specify a port that is in use. For an instance, forwarding rules that use
the same protocol must use different forwarding ports. If you attempt to create a
rule with a protocol and forwarding port that are configured for another rule, an
error message indicating that these rules overlap appears. Make sure that the rule
you want to create does not conflict with the forwarding rules automatically generated
when you add a website to your instance. For more information, see Website forwarding rules.
|
Origin Server Port |
The port of the origin server. |
Origin Server IP |
The IP address of the origin server.
Note You can specify a maximum of 20 origin IP addresses to implement load balancing. Separate
multiple IP addresses with commas (,).
|
After a forwarding rule is created, you can view the rule in the forwarding rule list
and perform the following operations on the rule:

- Add remarks: Click the
icon in the Forwarding Port column to add remarks for the forwarding rule. You can identify the use scenarios
and functionality of different forwarding rules based on the remarks.
- Enable session persistence and health check or configure DDoS mitigation policies.
For more information, see Configure port forwarding and DDoS mitigation policies.
- Edit or delete rules.
For more information, see Edit forwarding rules and Delete forwarding rules.
- Modify back-to-origin settings to enable the origin redundancy feature for a port forwarding rule. This feature
enables Anti-DDoS Pro and Anti-DDoS Premium to deliver higher disaster recovery (DR)
capabilities of back-to-origin links.
For more information, see Modify the back-to-origin settings for a port.
- Export multiple forwarding rules and mitigation settings at a time.
For more information, see Export multiple port configurations.
Create multiple forwarding rules at a time
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Mainland China: If you select this region, the Anti-DDoS Pro console appears.
- Outside Mainland China: If you select this region, the Anti-DDoS Premium console appears.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Port Config page, select the instance that you want to manage and choose .
- In the Create Rule dialog box, enter the required information as shown in the sample file and click
OK.

Take note of the following items when you enter the information:
- Check the information that you entered, select the rules that you want to create,
and then click OK.

- After the rules are uploaded, close the Create Rule dialog box.
What to do next
After you create forwarding rules, you must perform the following operations to enable
your instance to protect your non-website services.
- Allow the back-to-origin IP address of your instance on the origin server. This way,
the traffic from your instance is allowed by the security software on your origin
server.
For more information, see Allow back-to-origin IP addresses to access the origin server.
- Verify that the forwarding rules are in effect on your computer to prevent service
exceptions caused by invalid forwarding rule configurations.
For more information, see Verify the forwarding configuration on your local machine.
Warning If you switch your service traffic to your instance before the forwarding rules take
effect, your services may be interrupted.
- Switch the traffic of your non-website services to your instance by using one of the
following methods: