Updated on 2024-09-26 GMT+08:00

Step 2: Adding the Back-to-Source IP Address Range to the Whitelist

A back-to-source IP address is used by AAD to proxy clients to request servers. AAD replaces all source IP addresses with back-to-source IP addresses to ensure the security, stability, and availability of origin servers.

If a firewall has been configured or security software has been installed on the origin server, whitelist the back-to-origin IP address for the firewall or security software. In this case, the back-to-origin IP address will not be blocked by the security policies set on the origin server.

Prerequisites

The domain name to be protected has been connected to AAD.

Procedure

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Advanced Anti-DDoS > Domain Name Access. The Domain Name Access page is displayed.

    Figure 1 Domain name access

  4. On the displayed page, click Back-to-Origin IP Address Range.
  5. In the displayed Back-to-Origin IP Address Range dialog box, view the back-to-origin IP address range.

    Figure 2 Viewing the back-to-origin IP address range

  6. Add the back-to-origin IP address to the whitelist of the firewall or security software on the origin server.