To use Anti-DDoS Pro or Anti-DDoS Premium to protect your non-website services, such as client-based applications, you must create forwarding rules. Then, Anti-DDoS Pro or Anti-DDoS Premium scrubs traffic that is destined for your services and then forwards only service traffic to your origin server based on the forwarding rules. This topic describes how to create, modify, and delete forwarding rules for non-website services.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Create forwarding rules

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the instance for which you want to create a forwarding rule.
    You can create one or more forwarding rules at a time. After forwarding rules are created, you can export the rules at a time. For more information, see Export multiple port configurations.
    • Create a forwarding rule
      Click Create Rule. In the dialog box that appears, configure the parameters based on your business requirements and click OK.
      Parameter Description
      Forwarding Protocol The protocol of the traffic that you want to forward. Valid values: TCP and UDP.
      Forwarding Port The port that you want to use to forward traffic.
      Note
      • We recommend that you specify the same value for both Forwarding Port and Origin Server Port.
      • To prevent domain owners from creating their own DNS servers, Anti-DDoS Pro and Anti-DDoS Premium do not protect services that use port 53.
      • For an instance, forwarding rules that use the same protocol must use different forwarding ports. If you attempt to create a rule with a protocol and forwarding port that are configured for another rule, an error message indicating that these rules overlap appears. Make sure that the rule you want to create does not conflict with the rules that are automatically generated when you add a website to your instance. For more information, see Website forwarding rules.
      Origin Server Port The port of the origin server.
      Origin Server IP The IP address of the origin server.
      Note You can specify a maximum of 20 origin IP addresses to implement load balancing. Separate multiple IP addresses with commas (,).
    • Create multiple forwarding rules at a time
      1. On the Port Config page, select the instance for which you want to create multiple forwarding rules at a time and choose Batch Operations > Create Rule below the rule list.
      2. In the Create Rule dialog box, enter the required information as shown in the sample file and click OK.

        Each line represents a rule. From left to right, the fields in each rule indicate the following information: protocol, forwarding port, origin server port, and origin IP address. Fields are separated by spaces.

      3. In the Create Rule dialog box, select the rules that you want to create and click OK.
    Note If the Exclamation point icon is displayed next to a protocol in the Forwarding Protocol column of a forwarding rule, the forwarding rule was automatically generated when you added a website. This forwarding rule is used to forward the traffic of website services. You cannot modify or delete rules that are automatically generated. If the websites that use these rules are disassociated from your instance, the rules are automatically deleted. For more information about how to add a website, see Add a website.
    • If you specify port 80 for the origin server when you add a domain name to your instance, Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This forwarding rule is used to forward TCP traffic to the origin server over port 80.
    • If you specify port 443 for the origin server when you add a domain name to your instance, Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This forwarding rule is used to forward TCP traffic to the origin server over port 443.

Modify forwarding rules

You can modify forwarding rules and change the origin server IP addresses in the rules. If the forwarding protocol or port of traffic is changed, we recommend that you create a forwarding rule.

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the required instance and find the rule that you want to modify.
    You can modify one or more forwarding rules at a time.
    • Modify a forwarding rule
      1. Find the rule that you want to modify and click Edit in the Actions column.
      2. In the Edit Rule dialog box, change the value of Origin Server IP and click OK.
    • Modify multiple forwarding rules at a time
      Note If you use an Anti-DDoS Pro instance, you cannot modify multiple forwarding rules at a time. If you use an Anti-DDoS Premium instance, you cannot modify multiple forwarding rules at a time
      1. Choose Batch Operation > Edit Rule below the rule list. In the Edit Rule dialog box, enter the required information as shown in the sample file and click OK.
      2. In the Edit Rule dialog box, select the rules that you want to create and click OK.

Delete forwarding rules

You can delete manually created forwarding rules that are no longer in use. Before this operation, ensure that inbound traffic is no longer forwarded to Anti-DDoS Pro or Anti-DDoS Premium instances. If you delete a forwarding rule before you restore the IP address of your service from that of your Anti-DDoS Pro or Anti-DDoS Premium instance to the actual IP address, your service may be interrupted.

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Anti-DDoS Pro: If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.
    • Anti-DDoS Premium: If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the required instance, find the forwarding rule that you want to delete, and then Delete in the Actions column.
    Note To delete multiple rules at a time, select the rules and click Batch Delete below the rule list.
  5. In the message that appears, click OK.

What to do next

After you create forwarding rules, you must allow the back-to-origin IP address of your instance on the origin server, verify that the forwarding rules are in effect on your computer, and then switch the traffic of your non-website services to your instance.

  1. Allow the back-to-origin IP address of your instance on the origin server. This way, the traffic from your instance is allowed by the security software on your origin server. For more information, see Allow back-to-origin IP addresses to access the origin server.
  2. Verify that the forwarding rules are in effect on your computer to prevent service exceptions caused by invalid forwarding rule configurations. For more information, see Verify the forwarding configurations on your local computer.
    Warning If you switch your service traffic to your instance before the forwarding rules take effect, your services may be interrupted.
  3. Switch the traffic of your non-website services to your instance
    • If your service can be accessible over an IP address, replace the service IP address with the exclusive IP address of your instance.
      Note The method to replace the IP address varies based on your platform.
    • If your service is also accessible over a domain name, such as example.com, that functions as the server address or is added to a client program, change the A record at the DNS provider of the domain name to redirect the traffic to the exclusive IP address of your instance. For more information, see Change the DNS record.