To use Anti-DDoS Pro or Anti-DDoS Premium to protect your non-website services, such as client-based games, mobile games, or apps, you must create forwarding rules on the Port Config page. You can configure DDoS mitigation settings for the forwarding rules that are created for Layer 4 services on the Port Config page. DDoS mitigation settings include session persistence, health check, and DDoS mitigation policies.

Prerequisites

An Anti-DDoS Pro or Anti-DDoS Premium instance is purchased. For more information, see Purchase an Anti-DDoS Pro or Anti-DDoS Premium instance.

Create a forwarding rule

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Mainland China: If you select this region, the Anti-DDoS Pro console appears.
    • Outside Mainland China: If you select this region, the Anti-DDoS Premium console appears.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the instance that you want to manage and click Create Rule.
    Note You can also create more than one forwarding rule at a time. For more information, see Create multiple forwarding rules at a time.
    Forwarding rule conflicts
    If the Exclamation point icon is displayed next to a protocol in the Forwarding Protocol column of a forwarding rule, the forwarding rule was automatically generated when you added a website. This forwarding rule is used to forward the traffic of website services. For more information about how to add a website, see Add a website.
    • If you specify port 80 for the origin server when you add a domain name to your instance, Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This forwarding rule is used to forward TCP traffic to the origin server over port 80.
    • If you specify port 443 for the origin server when you add a domain name to your instance, Anti-DDoS Pro or Anti-DDoS Premium automatically generates a forwarding rule. This forwarding rule is used to forward TCP traffic to the origin server over port 443.
    If Anti-DDoS Pro and Anti-DDoS Premium automatically generate the preceding forwarding rules when you add another website, Anti-DDoS Pro and Anti-DDoS Premium do not generate the forwarding rules again.
    Note You cannot edit or delete rules that are automatically generated. If the websites that use these rules are disassociated from your instance, the rules are automatically deleted.
  5. In the Create Rule dialog box, configure the parameters and click OK. Configure a rule
    Parameter Description
    Forwarding Protocol The protocol that you want to use to forward traffic. Valid values: TCP and UDP.
    Forwarding Port The port that you want to use to forward traffic.
    Note
    • We recommend that you specify the same value for both Forwarding Port and Origin Server Port.
    • To prevent domain owners from creating their own DNS servers, Anti-DDoS Pro and Anti-DDoS Premium do not protect services that use port 53.
    • You cannot specify a port that is in use. For an instance, forwarding rules that use the same protocol must use different forwarding ports. If you attempt to create a rule with a protocol and forwarding port that are configured for another rule, an error message indicating that these rules overlap appears. Make sure that the rule you want to create does not conflict with the forwarding rules automatically generated when you add a website to your instance. For more information, see Website forwarding rules.
    Origin Server Port The port of the origin server.
    Origin Server IP The IP address of the origin server.
    Note You can specify a maximum of 20 origin IP addresses to implement load balancing. Separate multiple IP addresses with commas (,).
    After a forwarding rule is created, you can view the rule in the forwarding rule list and perform the following operations on the rule:What to do next
    • Add remarks: Click the Edit icon icon in the Forwarding Port column to add remarks for the forwarding rule. You can identify the use scenarios and functionality of different forwarding rules based on the remarks.
    • Enable session persistence and health check or configure DDoS mitigation policies.

      For more information, see Configure port forwarding and DDoS mitigation policies.

    • Edit or delete rules.

      For more information, see Edit forwarding rules and Delete forwarding rules.

    • Modify back-to-origin settings to enable the origin redundancy feature for a port forwarding rule. This feature enables Anti-DDoS Pro and Anti-DDoS Premium to deliver higher disaster recovery (DR) capabilities of back-to-origin links.

      For more information, see Modify the back-to-origin settings for a port.

    • Export multiple forwarding rules and mitigation settings at a time.

      For more information, see Export multiple port configurations.

Create multiple forwarding rules at a time

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your instance resides.
    • Mainland China: If you select this region, the Anti-DDoS Pro console appears.
    • Outside Mainland China: If you select this region, the Anti-DDoS Premium console appears.
    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.
  3. In the left-side navigation pane, choose Provisioning > Port Config.
  4. On the Port Config page, select the instance that you want to manage and choose Batch Operations > Create Rule.
  5. In the Create Rule dialog box, enter the required information as shown in the sample file and click OK. Create Rule
    Take note of the following items when you enter the information:
    • Each line represents a rule.
    • From left to right, the fields in each rule indicate the following information: traffic protocol, forwarding port, origin server port, and origin IP address. Fields are separated by spaces.

      For more information about the fields, see Rule parameters.

  6. Check the information that you entered, select the rules that you want to create, and then click OK. Upload multiple forwarding rules
  7. After the rules are uploaded, close the Create Rule dialog box.

What to do next

After you create forwarding rules, you must perform the following operations to enable your instance to protect your non-website services.
  1. Allow the back-to-origin IP address of your instance on the origin server. This way, the traffic from your instance is allowed by the security software on your origin server.

    For more information, see Allow back-to-origin IP addresses to access the origin server.

  2. Verify that the forwarding rules are in effect on your computer to prevent service exceptions caused by invalid forwarding rule configurations.

    For more information, see Verify the forwarding configuration on your local machine.

    Warning If you switch your service traffic to your instance before the forwarding rules take effect, your services may be interrupted.
  3. Switch the traffic of your non-website services to your instance by using one of the following methods:
    • If your service is reachable over an IP address, replace the service IP address with the exclusive IP address of your instance.
      Note The method to replace the IP address varies based on your platform.
    • If your service is also reachable over a domain name, such as example.com, that functions as the server address or is added to a client program, change the A record at the DNS provider of the domain name to redirect the traffic to the exclusive IP address of your instance.

      For more information, see Change the DNS record.