Anti-DDoS:Modify the CNAME record to protect a non-website service

To add a non-website service to Anti-DDoS Pro or Anti-DDoS Premium, you must create port forwarding rules and change the IP address of the service to the IP address of an Anti-DDoS Pro or Anti-DDoS Premium instance. In specific scenarios, you may need to use domain names to set up multiple Anti-DDoS Pro instances for Layer 4 services and set up an automatic mechanism to switch service traffic among these instances. In this is the case, we recommend that you add the domain names to Anti-DDoS Pro or Anti-DDoS Premium instances and then modify the CNAME records of the domain names.

1. Add the website that you want to protect and obtain the CNAME record assigned to the website.
   1. Log on to the Anti-DDoS Pro console.
   2. In the top navigation bar, select the region where your server is deployed.
      • Chinese Mainland: Anti-DDoS Pro
      • Outside Chinese Mainland: Anti-DDoS Premium
   3. In the left-side navigation pane, choose Provisioning > Website Config.
   4. On the Website Config page, click Add Domain.
   5. On the Add Domain wizard, set the parameters in the Enter Site Information step and click Add.
      The parameters are described as follows:

      • Function Plan and Instance: Select the instances with which you want to associate the domain name. In this example, the domain name is associated with two instances that use the enhanced function plan.
      • Domain: Enter the domain name that you want to protect. In this example, the domain name is demo.aliyundoc.com.
      • Protocol and Server Port: Use the default values.
      • Server IP: Select Origin Server IP and enter the IP address of the origin server.
        • If the domain name provides website services, you must specify the actual protocol and IP address of the origin server.
        • If the domain name does not provide website services, you can enter any IP address. The user traffic is rerouted by using the port forwarding rules created in step 2.

      For more information, see Add a website.

   After you add a domain name, Anti-DDoS Pro or Anti-DDoS Premium assigns a CNAME record to the domain name.
2. Create a port forwarding rule.
   1. In the left-side navigation pane, choose Provisioning > Port Config.
   2. On the Port Config page, select the instance for which you want to create a port forwarding rule and click Create Rule.
      Note Select one of the associated instances from step 1.
   3. In the Create Rule dialog box, specify the required parameters and click Complete.
      The parameter configurations in this example are described as follows:

      • Forwarding Protocol: Select TCP.
      • Forwarding Port: Enter 1234.
      • Origin Server Port: Enter 1234.
      • Origin Server IP: Enter 1.1.XX.XX. This parameter specifies the IP address of the origin server.

      For more information, see Manage forwarding rules.

   4. Repeat the preceding two steps to create another port forwarding rule for the instance. In this rule, set both the forwarding port and origin server port to 5678.
   5. Repeat the preceding three steps to create port forwarding rules for other instances.
3. Go to the DNS provider that has the domain name demo.aliyundoc.com to modify the DNS record. Use the CNAME record to map the domain name to the CNAME record obtained in step 1.
   For more information, see Change DNS records to protect website services.