All Products
Search
Document Center

Edge Security Acceleration:Configure TCP/UDP proxy

Last Updated:Mar 27, 2025

To enhance performance and security for applications that connect to the origin server via Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), you can activate the TCP/UDP proxy feature. This is particularly beneficial for scenarios involving real-time combat games and interactive audio and video streaming.

Before you begin

  • If the edge and origin server ports are ranges with differing numbers, use port offset to map edge ports to their corresponding origin server ports and configure request forwarding.

    For instance, if the edge port ranges from 3000 to 4000 and the origin server port ranges from 5000 to 6000, a request to edge port 3050 will be redirected to origin server port 5050.

  • You can set up to 30 proxy rules for each application.

Create a TCP/UDP proxy application

To create a TCP/UDP proxy application, perform the following steps:

  1. In the ESA console, choose Websites and click the website name you want to manage.

  2. In the left-side navigation pane, choose TCP/UDP > Settings.

  3. Click Create Application and enter the application parameters.

    image

    1. Access Configuration

      Domain Name: The domain name (hostname or record) that the client accesses. This domain name is used to resolve the accelerated IP address of ESA. After the IP address is resolved, the client can send requests to the IP address using a Layer 4 protocol.

    2. Security

      IP Access Rules: When enabled, the IP access rules set in WAF take effect for the TCP/UDP proxied application.

    3. Proxy Rules

      • Protocol: The protocol that your application uses at Layer 4. Valid values: TCP and UDP.

      • Edge Port: The port of ESA that is accessed. You can specify a single port, multiple ports, or a combination of port ranges.

        Note

        You can specify port numbers in the range of 1 to 65535.

        • For multiple ports, use a comma to separate them, such as: 80,81,82.

        • For port ranges, use a hyphen to connect them, such as: 100-200.

        • For a combination of port ranges, such as: 80,81,82,100-200.

      • Origin Server: The address of the origin server to which ESA forwards requests. You can specify an IP address, domain name, origin address pool, or load balancer.

      • Origin Port: The port of the origin server. You can specify a single port or a port range. If the edge port is a port range, the origin port must be set to a single port or a port range of the same length. If the edge port is not a port range, the origin port must be set to a single port.

      • Pass Client IP: The proxy protocol used to pass the original client IP and port information to the origin server. Supported options include Do Not Pass, PROXY Protocol v1, and PROXY Protocol v2. The default option is Do Not Pass. For more information about obtaining the real client IP, see Obtain the real client IP through PROXY Protocol v1/v2.

  4. Click OK.

Modify a TCP/UDP proxy application

To modify a TCP/UDP proxy application, perform the following steps:

  1. In the ESA console, choose Websites and click the website name you want to manage.

  2. In the left-side navigation pane, choose TCP/UDP > Settings.

  3. Find the TCP/UDP proxy application you want to modify and click Edit in the Actions column. On the Application Details page, you can turn on or off IP Access Rules, and change the settings of Proxy Rules.

    image

    Note
    • Ensure that the Edge Port value in a new proxy rule does not conflict with the edge ports in existing rules when adding a new rule.

    • Maintain at least one proxy rule for your application when deleting rules.

  4. Confirm your changes and click OK.

Delete a TCP/UDP proxy application

To delete a TCP/UDP proxy application, perform the following steps:

  1. In the ESA console, choose Websites and click the website name you want to manage.

  2. In the left-side navigation pane, choose TCP/UDP > Settings.

  3. Find the TCP/UDP proxy application you want to delete and click Delete in the Actions column. In the pop-up window, confirm the domain name and click Delete.

    image