To use Anti-DDoS Pro or Anti-DDoS Premium to protect your non-website services, such
as client-based applications, you must create forwarding rules. Then, Anti-DDoS Pro
or Anti-DDoS Premium scrubs traffic that is destined for your services and then forwards
only service traffic to your origin server based on the forwarding rules. This topic
describes how to create, modify, and delete forwarding rules for non-website services.
Create forwarding rules
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Port Config page, select the instance for which you want to create a forwarding rule.
You can create one or more forwarding rules at a time. After forwarding rules are
created, you can export the rules at a time. For more information, see
Export multiple port configurations.
- Create a forwarding rule
Click
Create Rule. In the dialog box that appears, configure the parameters based on your business
requirements and click
OK.
Parameter |
Description |
Forwarding Protocol |
The protocol of the traffic that you want to forward. Valid values: TCP and UDP.
|
Forwarding Port |
The port that you want to use to forward traffic.
Note
- We recommend that you specify the same value for both Forwarding Port and Origin Server Port.
- To prevent domain owners from creating their own DNS servers, Anti-DDoS Pro and Anti-DDoS
Premium do not protect services that use port 53.
- For an instance, forwarding rules that use the same protocol must use different forwarding
ports. If you attempt to create a rule with a protocol and forwarding port that are
configured for another rule, an error message indicating that these rules overlap
appears. Make sure that the rule you want to create does not conflict with the rules
that are automatically generated when you add a website to your instance. For more
information, see Website forwarding rules.
|
Origin Server Port |
The port of the origin server. |
Origin Server IP |
The IP address of the origin server.
Note You can specify a maximum of 20 origin IP addresses to implement load balancing. Separate
multiple IP addresses with commas (,).
|
- Create multiple forwarding rules at a time
- On the Port Config page, select the instance for which you want to create multiple forwarding rules
at a time and choose below the rule list.
- In the Create Rule dialog box, enter the required information as shown in the sample file and click
OK.
Each line represents a rule. From left to right, the fields in each rule indicate
the following information: protocol, forwarding port, origin server port, and origin
IP address. Fields are separated by spaces.
- In the Create Rule dialog box, select the rules that you want to create and click OK.
Note If the

icon is displayed next to a protocol in the
Forwarding Protocol column of a forwarding rule, the forwarding rule was automatically generated when
you added a website. This forwarding rule is used to forward the traffic of website
services. You cannot modify or delete rules that are automatically generated. If the
websites that use these rules are disassociated from your instance, the rules are
automatically deleted. For more information about how to add a website, see
Add a website.
- If you specify port 80 for the origin server when you add a domain name to your instance,
Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This
forwarding rule is used to forward TCP traffic to the origin server over port 80.
- If you specify port 443 for the origin server when you add a domain name to your instance,
Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This
forwarding rule is used to forward TCP traffic to the origin server over port 443.
Modify forwarding rules
You can modify forwarding rules and change the origin server IP addresses in the rules.
If the forwarding protocol or port of traffic is changed, we recommend that you create
a forwarding rule.
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Port Config page, select the required instance and find the rule that you want to modify.
You can modify one or more forwarding rules at a time.
- Modify a forwarding rule
- Find the rule that you want to modify and click Edit in the Actions column.
- In the Edit Rule dialog box, change the value of Origin Server IP and click OK.
- Modify multiple forwarding rules at a time
Note If you use an Anti-DDoS Pro instance, you cannot modify multiple forwarding rules
at a time. If you use an Anti-DDoS Premium instance, you cannot modify multiple forwarding
rules at a time
- Choose below the rule list. In the Edit Rule dialog box, enter the required information as shown in the sample file and click
OK.
- In the Edit Rule dialog box, select the rules that you want to create and click OK.
Delete forwarding rules
You can delete manually created forwarding rules that are no longer in use. Before
this operation, ensure that inbound traffic is no longer forwarded to Anti-DDoS Pro
or Anti-DDoS Premium instances. If you delete a forwarding rule before you restore
the IP address of your service from that of your Anti-DDoS Pro or Anti-DDoS Premium
instance to the actual IP address, your service may be interrupted.
- Log on to the Anti-DDoS Pro console.
- In the top navigation bar, select the region where your instance resides.
- Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
- Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium
instances. Make sure that you select the required region when you use Anti-DDoS Pro
or Anti-DDoS Premium.
- In the left-side navigation pane, choose .
- On the Port Config page, select the required instance, find the forwarding rule that you want to delete,
and then Delete in the Actions column.
Note To delete multiple rules at a time, select the rules and click Batch Delete below the rule list.
- In the message that appears, click OK.
What to do next
After you create forwarding rules, you must allow the back-to-origin IP address of
your instance on the origin server, verify that the forwarding rules are in effect
on your computer, and then switch the traffic of your non-website services to your
instance.
- Allow the back-to-origin IP address of your instance on the origin server. This way,
the traffic from your instance is allowed by the security software on your origin
server. For more information, see Allow back-to-origin IP addresses to access the origin server.
- Verify that the forwarding rules are in effect on your computer to prevent service
exceptions caused by invalid forwarding rule configurations. For more information,
see Verify the forwarding configurations on your local computer.
Warning If you switch your service traffic to your instance before the forwarding rules take
effect, your services may be interrupted.
- Switch the traffic of your non-website services to your instance
- If your service can be accessible over an IP address, replace the service IP address
with the exclusive IP address of your instance.
Note The method to replace the IP address varies based on your platform.
- If your service is also accessible over a domain name, such as example.com, that functions
as the server address or is added to a client program, change the A record at the
DNS provider of the domain name to redirect the traffic to the exclusive IP address
of your instance. For more information, see Change the DNS record.