Products



Anti-DDoS Pro

Documentation > Anti-DDoS Pro > Non-web Service Forwarding Rules

Product

Non-web service forwarding rules

Non-web service is used to protect users’ IP addresses. It only supports Layer 4 forwarding rather than Layer 7 protection. For example, it does not support CC Protection.

Precondition

You have successfully purchased Anti-DDoS Pro and the billing status is normal.

Operation Steps

Select a purchased instance. Click "Instance Name" or "Forwarding Configuration" in the operation bar to enter the forwarding configuration page.
On the forwarding configuration page, you can configure forwarding rules according to the business conditions. Here you can configure up to 60 forwarding rules.
Click on the "Add" button, and configure the forwarding rules according to the following pop-up prompts. We support the configuration of TCP and UDP protocols.

The rule configuration fields are explained as follows:

Anti-DDoS Pro: Purchasing a BGP line: supports the selection of Anti-DDoS Pro's BGP IP address. If you purchase multiple BGP IPs, you can forward service traffic from different origin servers to different BGP IPs for protection.
Forwarding protocol: Supports the selection of TCP/UDP protocol.
Forwarding ports: Supports the configuration of IP Anti-DDoS Pro forwarding ports. It is recommended that the port be the same as the origin server port. The port that has been configured in the web service forwarding rules cannot be configured repeatedly in the non-web service forwarding rules.
Forwarding rules: Supports round robin, weighted round robin, and origin IP hash.
Back-to-origin method: Supports the selection of back-to-origin IP or back-to-origin domain name. The back-to-origin IP (in-cloud + out-of-cloud) supports 20 IP addresses, while the back-to-origin domain name supports 1. Note that an intranet address cannot be filled as an origin server IP. If the origin server is in Hong Kong, Macao, Taiwan or overseas area, please confirm whether the network latency and stability meet the requirements. If the latency is too high, timeout may occur when accessing to Anti-DDoS Pro. In this scenario, you are recommended to use the overseas line of JD Cloud SCDN products.
Origin server port: Service port of the user origin server.
Backup IP: A backup IP is not required. If a backup IP is configured, in case of non-DDoS attack, the back-to-origin mode is enabled, and the Anti-DDoS Pro CNAME will point to this IP. It is recommended that the backup IP be the one for daily external display, and the back-to-origin IP be the one that is not displayed externally. Configuring an backup IP can ensure the invisibility and high availability of the origin server. Please refer to the flow chart in Product Design Instruction below.

After the non-web service forwarding rules are successfully created, in the rule list, click to copy CNAME, and you can modify the resolution in DNS to switch the traffic to Anti-DDoS Pro. For details, refer to Update DNS Resolution
Multiple non-web service forwarding rules support sorting by forwarding port. By default, they are sorted by creation time. Click the button in the figure to sort in ascending or descending order. Click the blank space next to the button to restore the default sorting by creation time. The non-web service forwarding rules of BGP lines will first be aggregated according to different ports of the same Anti-DDoS Pro IP, and then sorted in ascending or descending order based on ports.
Non-web service forwarding rules support bulk deletion and switching between protection/back-to-origin modes.