- Updates and Announcements
- Product Introduction
- New/Legacy Anti-DDoS Advanced Version Differences
- Comparison of Anti-DDoS Protection Schemes
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- API Documentation
- FAQs
- Troubleshooting
- Anti-DDoS Advanced (Global Enterprise Edition)
- Legacy Anti-DDoS Advanced (Legacy)
- Service Level Agreement
- Contact Us
- Glossary
- Updates and Announcements
- Product Introduction
- New/Legacy Anti-DDoS Advanced Version Differences
- Comparison of Anti-DDoS Protection Schemes
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- API Documentation
- FAQs
- Troubleshooting
- Anti-DDoS Advanced (Global Enterprise Edition)
- Legacy Anti-DDoS Advanced (Legacy)
- Service Level Agreement
- Contact Us
- Glossary
This document describes how to connect a website business to an Anti-DDoS Advanced instance and verify the forwarding configuration.
Currently, only website businesses in Beijing, Shanghai, and Guangzhou regions can be connected. Businesses outside Mainland China are not supported.
Prerequisites
- To add a forwarding rule, you need to purchase an Anti-DDoS Advanced instance in Mainland China or outside Mainland China.
- To modify the DNS information of your business domain name, you need to purchase the domain name resolution product.
Process
Directions
Configuring forwarding rule
- Log in to the new Anti-DDoS Advanced Console and click Business Connection on the left sidebar.
- On the "Business Connection" page, select the Domain Name Connection tab and click Add Domain Name.
- On the forwarding rule adding page, configure the following parameters as needed:
Parameter description:- Domain Name: enter the website domain name to be protected.
- Protocol: HTTP and HTTPS are supported. Please select an option as needed:
Business Scenario Relevant Operation Websites supporting only HTTP Select **HTTP**. Websites supporting only HTTPS - Select **HTTPS**.
- Certificate source: Tencent Cloud-hosted certificate is selected by default.
- Certificate: select the name of the corresponding SSL certificate.
- Forwarding Method: forwarding via IP and forwarding via domain name are supported.
- If you select Forwarding via IP, enter the IP (or IP + port) of the real server. If one website domain name corresponds to multiple real server IPs (or IP + port pairs), you can enter all of them and separate them with carriage return. Up to 16 IPs (or IP + port pairs) are supported.
- If you select Forwarding via domain name, enter the real server domain name (CNAME) or domain name (CNAME) + port. If one website domain name corresponds to multiple real server domain names (CNAMEs) or pairs of domain name (CNAME) + port, you can enter all of them and separate them with carriage returns. Up to 16 entries are supported.
Opening forwarding IP range
To prevent business interruption that occurs if the real server blocks the Anti-DDoS Advanced forwarding IP, you are recommended to configure allowlist policies for the real server infrastructure (such as firewall, web application firewall, intrusion protection system (IPS), and traffic management system) and disable the protection features of the server firewall and other security software tools (such as Safedog) or set allowlist policies for them, so that the forwarding IP will not be affected by the security policies of the real server.
You can log in to the new Anti-DDoS Advanced Console and click Instance List on the left sidebar to find the target instance ID.
Click the instance ID to enter the basic information page and view the Anti-DDoS Advanced forwarding IP range.
Verifying configuration locally
After the forwarding configuration is completed, the Anti-DDoS Advanced IP will forward the packets from the relevant port to the corresponding real server port according to the forwarding rule.
To ensure the stability of your business, a local test is recommended. The verification method is as follows:
Modify the local
hostsfile to direct local requests to the protected site to your Anti-DDoS Advanced instance. The following uses Windows as an example to describe how to configure the localhostsfile:
Open thehostsfile inC:\Windows\System32\drivers\etcand add the following content at the end of the file:<Anti-DDoS Advanced IP address> <Domain name of the protected website>For example, if the Anti-DDoS Advanced IP is
10.1.1.1and the domain name iswww.qq.com, then add:10.1.1.1 www.qqq.comSave the
hostsfile and run thepingcommand on the local computer to ping the protected domain name. If the resolved IP address is the Anti-DDoS Advanced IP address bound in thehostsfile, the localhostsconfiguration has taken effect.If the resolved IP address is still the real server IP address, try running the
ipconfig /flushdnscommand in Windows Command Prompt to clear the local DNS cache.After successfully configuring the
hosts, check whether the domain name can be accessed. If it can be accessed properly, the configuration has taken effect.If the verification still fails with the correct method, please log in to the Anti-DDoS Advanced Console and check whether the configuration is correct. If the problem persists after you fix any incorrect configuration items, please submit a ticket for assistance.
Yes
No
Was this page helpful?