tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Anti-DDoS
    Documentation
    Download PDF

    Non-Website Business Connection

    Last updated: 2024-07-01 11:20:28
    Download PDF
      This document describes how to connect a non-website business to an Anti-DDoS Advanced instance and verify the forwarding configuration.

      Prerequisite

      To add a forwarding rule, you need to purchase an Anti-DDoS Advanced (Chinese Mainland) ‌or Anti-DDoS Advanced (Global)‌ instance.
      To modify the DNS information of your business domain name, you need to purchase a DNS service, such as Tencent Cloud DNSPod.

      ‍Process

      

      Directions

      Configuring forwarding rules

      1. Log in to the new Anti-DDoS console, and click Business Access > Access via domain name on the left sidebar.
      2. On the Access via domain name tab, click Start access.
      
      3. ‌On the Access via Domain Name page, select an associated instance ID and click Next: Set Protocol Port.
      Note:
      You can select multiple instances.
      
      4. Select a forwarding protocol and certificate, specify a domain name, and then click Next: Set Forwarding Method.
      
      5. Select a forwarding method, specify a real server IP and port or a real server domain name, and then click Next: Modify DNS Resolution.
      
      Note:
      An alternate real server is used when the forwarding to the real server fails.
      Only the standard protocol p‌orts 80 (HTTP) and 443 (HTTPS).
      Wildcard domain names are supported.
      6. Click Complete.
      Note:
      After you have connected to the service, you can customize your protection settings on the Configurations page. For more information, see Protection Configuration.

      Allowing forwarding IP ranges

      To prevent service unavailability from occurring when the real server blocks Anti-DDoS Advanced's forwarding IP, we recommend you configure allowlist policies for the real server infrastructure, including firewall, Web Application Firewall, intrusion prevention system (IPS), and traffic management, and disable the protection feature or set allowlist policies on the host firewall and other security software (such as safedog) of the real server, so that the forwarding IP will not be affected by the security policies of the real server.
      
      1. Log in to the new Anti-DDoS console and click Anti-DDoS instances on the left sidebar.
      2. ‌On the Anti-DDoS instances page, select a target instance and click the instance ID.
      
      3. On the Basic information page, you will see the forwarding IP ranges.
      

      Verifying configuration locally

      ‌After the forwarding configuration is completed, the Anti-DDoS Advanced IP will forward packets from the relevant port to the corresponding real server port according to the forwarding rules. ‌To ensure the stability of your business, a local test is recommended. The verification methods are as follows:
      For businesses accessed via IPs
      For businesses accessed via IPs (such as games), run the telnet command to check whether the Anti-DDoS Advanced IP port is accessible. You can also enter the Anti-DDoS Advanced IP as the server IP in your local client (if available) to check whether the local client can access the Anti-DDoS Advanced IP.
      For example, assume that the Anti-DDoS Advanced IP is 10.1.1.1 with the forwarding port 1234, and the real server IP is 10.2.2.2 with the real server port 1234. Run telnet on your local client to access 10.1.1.1:1234. If the address can be accessed, the forwarding is successful.
      For businesses accessed via domain names
      For businesses accessed via domain names, you can modify the local hosts file to verify whether the configuration has taken effect.
      1. Edit the local hosts file to direct local requests to the protected site to your Anti-DDoS Advanced instance. The following uses Windows OS as an example to describe how to configure the local hosts file: Open the hosts file in C:\\Windows\\System32\\drivers\\etc and add the following content at the end of the file:
      <Anti-DDoS Advanced IP address> <Domain name of the protected website>
      For example, if the Anti-DDoS Advanced IP is 10.1.1.1 and the domain name is www.qqq.com, add:
      10.1.1.1 www.qqq.com
      Save the hosts file and run the ping command on the local computer to ping the protected domain name. If the resolved IP address is the Anti-DDoS Advanced IP address bound in the hosts file, the local hosts configuration has taken effect.
      Note:
      If the resolved IP address is still the real server IP address, try running the ipconfig/flushdns command in the Windows command prompt to refresh the local DNS cache.
      2. After confirming the Anti-DDoS Advanced IP bound in the hosts file has taken effect, check whether the domain name can be accessed. If it can be accessed properly, the configuration has taken effect.
      Note:
      If the verification still fails with the correct method, log in to the Anti-DDoS Advanced console and check whether the configuration is correct. If the problem persists after you fix all incorrect configuration items, please submit a ticket to us for assistance.

      Modifying DNS resolution

      ‌If you want to modify DNS resolution, see Configuring Smart Scheduling for instructions.
      Note:
      The DNS resolution address should be changed to the CNAME address provided, which will be updated from time to time. (Non-BGP resources are not supported).
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy