You can configure Non-Web Service of Anti-DDoS Pro for an origin site of Alibaba Cloud ECS or VPC. However, if the rule “Only allow Anti-DDoS Pro IP addresses, and block all other IP addresses” exists in the ECS/VPC security group, it can block the real IP address of the client.
The latest security group version can obtain the visitors’ real IP addresses. Therefore, the “only allow/deny all” access rule can disturb the normal access traffic.
Modify the ECS security group rules based on visitors’ real IP addresses.
Assume that a complete access process is as follows:
Client (real IP address: 18.104.22.168) > Anti-DDoS Pro (Back-to-source IP address: 22.214.171.124) > ECS
If you have set the rule in ECS security group to only allow IP address 126.96.36.199, then you must delete this rule. In addition, you have to decide whether to allow certain real client IP addresses based on your actual situation.