tencent cloud

Operation Scenarios

Anti-DDoS Advanced can automatically identify the running status of your real servers and isolate exceptional ones through health checks. This reduces the impact of real server exceptions on your overall business availability.

• Non-website business (layer-4) health check
  The health check mechanism for non-website business protection in Anti-DDoS Advanced is as follows: an Anti-DDoS cluster node initiates access requests to the server port specified in the configuration. If access to the port is normal, the real server will be considered healthy; otherwise, it will be considered exceptional.
  Under the TCP protocol, it detects whether the port can be connected. Under the UDP protocol, it uses ping for reachability check.
• Website business (layer-7) health check
  The health check mechanism for website business protection in Anti-DDoS Advanced is as follows: the Anti-DDoS forwarding cluster sends HTTP requests to the real server, and the Anti-DDoS system judges whether the server is normal according to the returned HTTP status codes.
  You can customize the status represented by the response code. For example, in a certain scenario, if HTTP returned values include http_1xx, http_2xx, http_3xx, http_4xx, and http_5xx, and you define http_1xx and http_2xx as normal status based on your business needs, then when a response code between http_3xx to http_5xx is returned, you can know that the server is exceptional.

When configuring a layer-4 or layer-7 forwarding rule, if only one real server IP is configured in the rule, the health check feature will not be enabled, as it is suitable for scenarios with multiple real server IPs.

Directions

Health check configuration for non-website business

The following describes how to configure a health check rule for non-website business protection in Anti-DDoS Advanced.

1. Log in to the Anti-DDoS Console and select Anti-DDoS Advanced > Access Configuration to enter the management page.

2. Click Non-Website Business, select the target Anti-DDoS Advanced instance and corresponding rule, and click Edit in the "Health Check" column.

3. On the health check editing page, click Show Advanced Options to set the configuration items and click OK.

• Health check is enabled by default.
• When configuring health check, you are recommended to use the default values.
• The health check configuration information can be imported and exported in batches. After import, the system will match the rules one by one according to the imported "forwarding protocols and forwarding ports", and the "forwarding ports" must have rules configured.

Health check configuration for website business

The following describes how to configure a health check rule for website business protection in Anti-DDoS Advanced.

1. Log in to the Anti-DDoS Console and select Anti-DDoS Advanced > Access Configuration to enter the management page.

2. Click Website Business, select the target Anti-DDoS Advanced instance and corresponding rule, and click Edit in the "Health Check" column.

3. On the health check editing page, click to enable health check and click Show Advanced Options to set the configuration items. After confirming that everything is correct, click OK.

- Health check is disabled by default.
- When configuring health check, you are recommended to use the default values.
- The health check configuration information can be imported and exported in batches. After import, the system will match the rules one by one according to the imported "forwarding protocols and business domain names", and the "business domain names" must have rules configured.

Configuration Item Description

Layer-4 health check

Layer-7 health check