Updated on 2024-12-24 GMT+08:00

Connecting Non-Domain Name Services to AAD

If your service does not have a domain name and provides services only through a public IP address, you can configure forwarding rules to connect your service to Advanced Anti-DDoS (AAD). After forwarding rules are configured, a high-defense IP address automatically forwards traffic to the origin server IP address. In this way, the origin server is hidden from heavy-traffic DDoS attacks.

Limitations and Constraints

  • An origin server IP address can be added to multiple forwarding rules.
  • The forwarding protocol and forwarding port in each forwarding rule must be unique.
  • During batch configuration of forwarding rules, only .txt files can be imported. The number of forwarding rules in the file cannot exceed the quota limit. Within the quota limit, a maximum of 200 rules can be imported at a time.

Connecting IP-based Services to AAD

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Advanced Anti-DDoS > Forwarding Configuration.
  4. Select the instance and line for which you want to add a forwarding rule, and click Add.

    Figure 1 Selecting an instance and line

  5. Enter the forwarding information based on the site requirements.

    Table 1 Parameter description

    | Parameter | Description |
    |---|---|
    | Forwarding Protocol | Specifies the protocol used to forward user service workload. tcp: TCP is a connection-oriented protocol that provides reliable delivery of a stream of bytes at the transport layer. udp: UDP is a connectionless protocol that provides simple transaction-oriented delivery of messages at the transport layer. |
    | Forwarding Port | Specifies the port used to forward user service workload. |
    | Origin Server Port | Specifies the port used by the origin server. |
    | Origin Server IP Address | Specifies the public IP address used by the origin server. |

    • After configuring the rules, change the domain names based on your services. AAD will automatically forward traffic to your origin server IP addresses.
    • You can add a maximum of 20 origin server IP addresses. Separate them with commas (,).
    • Enter a valid public IP address.

    Some carriers block the following ports for security reasons, so it is recommended that you do not use them.

    • TCP: 42, 135, 137-139, 444, 445, 593, 1025, 1068, 1434, 3127-3130, 3332, 4444, 4789, 4790, 5554, 5800, 5900, 6669, 9996.
    • UDP: 135-139, 445, 593, 1026-1028, 1068, 1433, 1434, 4444, 4789, 4790, 5554, 9996, 17185.

  6. Confirm the information and click OK.
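A pre-check for a set of forwarding rules against the constraints listed on this page: unique protocol and forwarding port, at most 200 rules per import, at most 20 public origin IP addresses per rule, and the carrier-blocked ports. This is an added example, not Huawei Cloud code; the tuple layout, function names and sample addresses are assumptions, and it does not parse the console's .txt import format, which this page does not describe.

```python
import ipaddress

# Limits and carrier-blocked ports as listed on this page.
MAX_BATCH, MAX_ORIGINS = 200, 20
BLOCKED = {
    "tcp": "42,135,137-139,444,445,593,1025,1068,1434,3127-3130,3332,4444,"
           "4789,4790,5554,5800,5900,6669,9996",
    "udp": "135-139,445,593,1026-1028,1068,1433,1434,4444,4789,4790,5554,"
           "9996,17185",
}

def expand(spec):  # '137-139,445' -> {137, 138, 139, 445}
    bounds = (p.partition("-") for p in spec.split(","))
    return {n for lo, _, hi in bounds for n in range(int(lo), int(hi or lo) + 1)}

BLOCKED_PORTS = {proto: expand(spec) for proto, spec in BLOCKED.items()}

def check_rules(rules):
    """rules: (protocol, forwarding_port, origin_port, "ip1,ip2") tuples, a
    hypothetical in-memory shape. Returns (rule_index, problem) pairs."""
    problems, seen = [], {}
    if len(rules) > MAX_BATCH:
        problems.append((None, f"{len(rules)} rules exceed {MAX_BATCH} per import"))
    for i, (proto, fwd, origin, ips) in enumerate(rules):
        if proto not in BLOCKED_PORTS:
            problems.append((i, f"unknown protocol {proto!r}"))
            continue
        # Assumption: the page does not say which port field the list covers; check both.
        for name, port in (("forwarding", fwd), ("origin", origin)):
            if not 1 <= port <= 65535:
                problems.append((i, f"{name} port {port} out of range"))
            elif port in BLOCKED_PORTS[proto]:
                problems.append((i, f"{proto} {name} port {port} is carrier-blocked"))
        if (proto, fwd) in seen:
            problems.append((i, f"{proto}/{fwd} duplicates rule {seen[proto, fwd]}"))
        seen.setdefault((proto, fwd), i)
        addrs = [a.strip() for a in ips.split(",")]
        if len(addrs) > MAX_ORIGINS:
            problems.append((i, f"{len(addrs)} origin IPs exceed {MAX_ORIGINS}"))
        for a in addrs:
            try:
                if not ipaddress.ip_address(a).is_global:
                    problems.append((i, f"{a} is not a public address"))
            except ValueError:
                problems.append((i, f"{a!r} is not an IP address"))
    return problems

SAMPLE = [("tcp", 8080, 80, "8.8.8.8"), ("tcp", 8080, 8080, "8.8.4.4"),
          ("udp", 445, 5000, "10.0.0.5")]  # constructed rules, not from the page
```

Calling `check_rules(SAMPLE)` reports the duplicate tcp/8080 rule, the blocked UDP port 445 and the private origin address; an empty list means the set passed every check.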

Related Operations