This document shows you how to connect website applications to Anti-DDoS Advanced instances and verify forwarding configurations.
It currently supports connecting website applications in Beijing, Shanghai, and Guangzhou, while regions outside the Chinese mainland are not supported.
|Websites with HTTP only||Tick **HTTP**.|
|Websites with HTTPS only||
- If you tick **Forwarding via IP**, enter the real server IP (or IP + port). If a domain name corresponds to multiple real server IPs (or multiple pairs of IP + port), you can enter all of them and separate them with carriage return. Up to 16 entries are supported.
- If you tick **Forwarding via domain name**, enter the forwarding domain name (CNAME) or domain name (CNAME) + port. If a domain name corresponds to multiple real server domain names (CNAME) or multiple pairs of domain name (CNAME) + port, you can enter all of them and separate them with carriage return. Up to 16 entries are supported.
- From left to right, paste the domain name, protocol, real server IP (real server domain name is currently not supported), and real server port; separate the real server IP and real server port with `:` and others with spaces; only one forwarding rule can be entered per line.
- The number of forwarding rule entries added in batches cannot exceed the current quota.
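A pre-flight check for the batch format described above, run before pasting rules into the console. This is an added example, not Tencent Cloud code; the function name, the accepted protocol tokens (`http`/`https`), the IPv4-only check, and the sample rules are assumptions or constructed values.

```python
import ipaddress

ALLOWED_PROTOCOLS = {"http", "https"}  # assumption: tokens accepted in the protocol field

# Constructed sample input: two valid rules followed by three malformed ones.
SAMPLE = """\
www.example.com http 192.0.2.10:80
www.example.com https 192.0.2.10:443
shop.example.com https origin.example.net:443
api.example.com https 198.51.100.7
blog.example.com tcp 203.0.113.5:8080
"""

def validate_batch_rules(text, quota):
    """Parse '<domain> <protocol> <ip>:<port>' lines, one rule per line.

    Returns (rules, errors); errors are (line_number, message) tuples,
    with line number 0 used for the quota check on the whole batch.
    """
    rules, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # ignore blank lines
        if len(fields) != 3:
            errors.append((lineno, "expected: domain protocol ip:port"))
            continue
        domain, proto, origin = fields
        if "/" in domain or "." not in domain:
            errors.append((lineno, "domain must be a bare host name, not a URL"))
            continue
        host, sep, port = origin.rpartition(":")
        if not sep:
            errors.append((lineno, "real server IP and port must be joined with ':'"))
            continue
        try:
            ip = ipaddress.IPv4Address(host)  # assumption: IPv4 real servers only
        except ValueError:
            errors.append((lineno, "real server must be an IP; domain names are not supported"))
            continue
        if proto.lower() not in ALLOWED_PROTOCOLS:
            errors.append((lineno, f"unsupported protocol {proto!r}"))
            continue
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            errors.append((lineno, f"invalid port {port!r}"))
            continue
        rules.append((domain.lower(), proto.lower(), str(ip), int(port)))
    if len(rules) > quota:
        errors.append((0, f"{len(rules)} rules exceed the quota of {quota}"))
    return rules, errors
```

Pass the remaining quota shown for the instance as `quota`; a non-empty `errors` list means the batch should be corrected before it is submitted.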
If the real server blocks the Anti-DDoS Advanced forwarding IP, the service becomes unavailable. To prevent this, we recommend configuring allowlist policies for the forwarding IP on the real server infrastructure, including the firewall, Web Application Firewall, intrusion prevention system (IPS), and traffic management. For the host firewall and other security software (such as Safedog), either disable the protection feature or set allowlist policies, so that the forwarding IP is not affected by the security policies of the real server.
To view the detailed Anti-DDoS Advanced forwarding IP range, you can log in to the Anti-DDoS console, click Anti-DDoS Advanced -> Resource List on the left sidebar, find the row of the target Anti-DDoS Advanced instance, and click its ID/Name.
After the forwarding configuration is completed, the Anti-DDoS Advanced IP will forward the packets from the relevant port to the corresponding real server port by following the forwarding rules.
To ensure the stability of your business, a local test is recommended. The verification methods are as follows:
`hosts` file to direct local requests to the protected website to the Anti-DDoS Advanced IP.
C:\Windows\System32\drivers\etc, and add the following content at the end of the text:
<Anti-DDoS Advanced IP address> <Domain name of the protected website>
`10.1.1.1` and the domain name is
`ping` command on the local computer to test the protected domain name.
`hosts` file, the forwarding is successful.
If the resolved IP address is still the real server IP address, try running the `ipconfig /flushdns` command in the Windows Command Prompt to clear the local DNS cache.
`hosts`, check whether the domain name can be accessed.
If the verification still fails with the correct method, please log in to the Anti-DDoS console and check whether the configuration is correct. If the problem persists after you fix any incorrect configuration items, please contact Tencent Cloud technical support.
Before using Anti-DDoS Advanced, you need to configure the A record of your business domain name's DNS with an Anti-DDoS Advanced IP, so that all user access requests to your site will pass through Anti-DDoS Advanced first before arriving at the real server (that is, all traffic will be first directed to Anti-DDoS Advanced before getting to the real server).
The principle of domain name resolution configuration is the same across service providers, but the configuration methods may differ. Tencent Cloud DNSPod is used as the example here.