After you add a domain name or a port to an Anti-DDoS Pro or Anti-DDoS Premium instance, Anti-DDoS Pro or Anti-DDoS Premium forwards the packets received by the port to the port of the origin server. To ensure service stability, we recommend that you verify whether the forwarding configurations take effect on your computer before the inbound traffic is rerouted to Anti-DDoS Pro or Anti-DDoS Premium. This topic describes how to verify the configurations.

Prerequisites

Background information

To protect a service that is accessed by using a domain name instead of an IP address, you must add a website to Anti-DDoS Pro or Anti-DDoS Premium. After you add a website, you can modify the hosts file or use the CNAME of the Anti-DDoS Pro or Anti-DDoS Premium instance to connect to the server and check whether the forwarding configurations take effect.

Requests to access Layer 4 services, such as games, are processed by using IP addresses instead of domain names. You must add port forwarding rules to Anti-DDoS Pro or Anti-DDoS Premium to protect these services. Then, you can verify the forwarding configurations by using the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance to access the server.

Notice If you switch your service traffic to Anti-DDoS Pro or Anti-DDoS Premium before the forwarding configurations take effect, your service may be interrupted.

Modify the local hosts file

  1. Modify the hosts file to reroute the inbound traffic of the protected website to Anti-DDoS Pro or Anti-DDoS Premium. The following procedure shows how to modify the hosts file on a Windows server.
    1. Find the hosts file, which is typically stored in C:\Windows\System32\drivers\etc\.
    2. Open the hosts file by using a text editor.
    3. Add both the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance and the protected domain name at the end of the file.
      For example, if the IP address of the instance is 180.xx.xx.173 and the domain name is www.aliyundemo.com, you must add 180.xx.xx.173 www.aliyundemo.com at the end of the file. hosts
    4. Save the file.
  2. Ping the protected domain name from your computer.
    If the command output includes the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance in the hosts file, the modification takes effect as expected. If the command output includes the IP address of the origin server, refresh the local DNS cache by running ipconfig/flushdns in Command Prompt.
  3. After you verify that the protected domain name is resolved to the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance, try to access the service by using the domain name. If you can access the service, the configurations take effect.

Use the CNAME assigned by Anti-DDoS Pro or Anti-DDoS Premium to access the origin server

If the client allows you to enter the domain name of the origin server, replace the domain name with the CNAME assigned by Anti-DDoS Pro or Anti-DDoS Premium and check whether the origin server is accessible.
Note After you add a domain name for protection, Anti-DDoS Pro or Anti-DDoS Premium assigns a CNAME to the domain name. You can view the CNAME on the Website Config page.

If the origin server is unaccessible, check whether the prerequisites are met. If the error persists, contact Alibaba Cloud technical support.

Use the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance to access the origin server

Assume that the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance is 99.99.99.99, the forwarding port is 1234, the IP address of the origin server is 11.11.11.11, and the port of the origin server is 1234.

You can use telnet commands to access the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance over port 1234. If the IP address is accessible, the forwarding rule takes effect.

If the client allows you to enter the IP address of the origin server, you can enter the IP address of the Anti-DDoS Pro or Anti-DDoS Premium instance for verification.