After you add a domain name or a port to an Anti-DDoS Pro or Anti-DDoS Premium instance, Anti-DDoS Pro or Anti-DDoS Premium forwards the packets received by the port to the port of the origin server. To ensure service stability, we recommend that you verify whether the forwarding configurations take effect on your computer before the inbound traffic is rerouted to Anti-DDoS Pro or Anti-DDoS Premium. This topic describes how to verify the configurations.
Prerequisites
- A website or port is added to an Anti-DDoS Pro or Anti-DDoS Premium instance. For more information, see Add one or more websites and Configure port forwarding rules.
- The back-to-origin CIDR blocks of the Anti-DDoS Pro or Anti-DDoS Premium instance are added to the whitelist of the origin server. For more information, see Allow back-to-origin IP addresses to access the origin server.
Background information
To protect a service that is accessed by using a domain name instead of an IP address, you must add a website to Anti-DDoS Pro or Anti-DDoS Premium. After you add a website, you can modify the hosts file or use the CNAME of the Anti-DDoS Pro or Anti-DDoS Premium instance to connect to the server and check whether the forwarding configurations take effect.
Requests to access Layer 4 services, such as games, are processed by using IP addresses instead of domain names. You must add port forwarding rules to Anti-DDoS Pro or Anti-DDoS Premium to protect these services. Then, you can verify the forwarding configurations by using the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance to access the server.
Modify the local hosts file
- Modify the hosts file to reroute the inbound traffic of the protected website to Anti-DDoS Pro or Anti-DDoS Premium. The following procedure shows how to modify the hosts file on a Windows server.
- Find the hosts file, which is typically stored in C:\Windows\System32\drivers\etc\.
- Open the hosts file by using a text editor.
- Add both
the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance and the protected domain nameat the end of the file.For example, if the IP address of the instance is180.173.XX.XXand the domain name isdemo.aliyundoc.com, you must add180.173.XX.XX demo.aliyundoc.comat the end of the file. - Save the file.
- Ping the protected domain name from your computer. If the command output includes the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance in the hosts file, the modification takes effect as expected. If the command output includes the IP address of the origin server, refresh the local DNS cache by running
ipconfig/flushdnsin Command Prompt. - After you verify that the protected domain name is resolved to the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance, try to access the service by using the domain name. If you can access the service, the configurations take effect.
Use the CNAME assigned by Anti-DDoS Pro or Anti-DDoS Premium to access the origin server
If the origin server is unaccessible, check whether the prerequisites are met. If the error persists, contact Alibaba Cloud technical support.
Use the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance to access the origin server
Assume that the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance is 99.99.XX.XX, the forwarding port is 1234, the IP address of the origin server is 11.11.XX.XX, and the port of the origin server is 1234.
You can use telnet commands to access the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance over port 1234. If the IP address is accessible, the forwarding rule takes effect.
If the client allows you to enter the IP address of the origin server, you can enter the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance for verification.