百度智能云
All Product Document

          Anti-DDoS Service

          • Anti-DDoS Service
          • >
          • DDoS ADAS IP
          • >
          • Operation Guide
          • >
          • Forwarding Setting of ADAS IP

          Forwarding Setting of ADAS IP

          Last Updated2024-01-10

          Operation Steps

          Step 1:Enter the Anti-DDoS IP protection service configuration page

          1. Select "Products and Services -> Security- > ADAS " in the left navigation to enter the "Anti-DDoS IP" page.
          2. Select "Protective Business" from the left navigation of "Anti-DDoS IP".
          3. Enter "Add Business" on the "Protective Business" page. After adding, you can quickly switch the protection template on the protection business list page.

          image.png

          Step 2: Add protection services

          The detailed protection services are shown in the figure below:

          image.png

          The following table explains the terms that appear in the protection business architecture diagram:

          Name Description
          Business protocol/port Specify the protocol and port that the Anti-DDoS center monitors (that is, what protocol and port the user ultimately wants to use to access the Anti-DDoS center). The protocol supports HTTP (WebSocket), HTTPS (WebSockets), TCP, and UDP, and the port input range is an integer between 1 and 65535.
          Hidden source site It is the business source site. The Anti-DDoS center forwards requests to the source site, supporting IP or domain name source sites;
          For IP source sites, it supports setting the source site IP operator line. After setting, the back-to-source forwarding cluster will give priority to the source sites matching the same line for forwarding, improving network performance;
          Domain name source site, only HTTP or HTTPS business protocols are supported and only 1 can be configured; Domain name source site, only HTTP or HTTPS business protocols are supported and only 1 can be configured;
          Recommendation: For Anti-DDoS service, configure a hidden source site. After switching to Anti-DDoS, even if the public source site is attacked and causes a black hole, it can still provide normal services and hide the source site.
          Forwarding Policy Round robin: Send requests to back-end servers in turn;
          Minimum number of connections: Prioritize sending requests to the back-end server with the smallest number of connections;
          Source IP: Only when the front-end protocol is configured as TCP and UDP, the requested source IP is hashed and then the request is dispatched to a matching server. This can ensure that requests for the same client IP are always dispatched to a certain server. specific server. The source IP algorithm provides a session persistence mechanism for TCP and UDP listeners.
          1. Create a new TCP/UDP protection service

          Select TCP or UDP for the business protocol and fill in the business port, then fill in the Source site IP and Source site port (the real port where the Source site provides services), and select a forwarding policy.

          image.png

          Note:

          • The TCP/UDP protection service supports association of single or multiple Anti-DDoS IPs under one or multiple Anti-DDoS IP protection instances;
          • For TCP/UDP protection services under the same Anti-DDoS IP, the same business protocol/port can only be added once; if HTTP and HTTPS protocol ports have been configured, the TCP protocol of the corresponding port cannot be added. For example: Anti-DDoS IP: TCP/8080 can only be added once under 111.111.111.111; the HTTP/80 website protection service has been added under 111.111.111.111, and the TCP/80 port protection service cannot be added;
          • The Anti-DDoS center will forward data to the source site, and the TCP/UPD protection service only supports IP source sites. A maximum of 50 IP source sites can be configured, and they cannot be private or special IP addresses such as 127.0.0.1;
          • After you associate an instance with an IPv6 Anti-DDoS IP, you can select an IPv6 Anti-DDoS IP. After selecting, you can configure an IPv4 or IPv6 source site. IPv6 Anti-DDoS IP does not currently support obtaining user IP through TTM;
          • Forwarding strategies include polling, minimum number of connections, and source IP to achieve load balancing of multiple source sites.
          1. Create a new HTTP/HTTPS protection service

          Select HTTP/HTTPS for the business protocol, select HTTP/80, HTTP/443 or a custom protocol port for the port, then fill in the source site IP and source site‘s port (the real port provided by the source site), and finally select a forwarding policy.

          image.png

          Note:

          • When HTTPS is selected, compared to the HTTP protocol, there will be additional HTTPS certificate and HTTPS back-to-source protocol options: HTTPS certificate: The user can select the added certificate, add a new one certificate or purchase SSL certificate; HTTPS back-to-source protocol: You can set the HTTPS business back-to-source protocol to HTTP, and the default is HTTPS.
          • The website protection business supports association of single or multiple Anti-DDoS IPs under one or multiple Anti-DDoS IP protection instances;
          • The source site IP port defaults to the same as the service port and can be customized;
          • The Anti-DDoS center will forward data to the source site, and the HTTPS/HTTPS protection service supports IP source sites or domain name source sites. A maximum of 50 IP source sites can be configured, and the return-to-source IP cannot be private or special IP addresses such as 127.0.0.1; only 1 domain name source site can be configured;
          • IPv6 Anti-DDoS IP does not currently support HTTP/HTTPS service access;
          • Forwarding rules include polling and minimum number of connections to achieve load balancing of multiple source sites.
          Previous
          Pricing
          Next
          View Traffic Report