Non-website Protection

最終更新日:2024-10-25 11:07:42

This page guides you to add your Non-website applications (Based on TCP&UDP) for Layer 4 acceleration and protection.

Preparations

  1. Flood Shield 2.0 service has been purched and enabled.
  2. The resource has been applied and deployed by CDNetworks Technical Support.
  3. CDNetworks account has been created.
  4. Log in to the CDNetworks Console, find Flood Shield 2.0 in use under Subscribed Products, and Click to enter.

Step1: Add port forwarding rule

1. Create the rule

  1. Navigate to the Assets > Port Configuration.
  2. Click Create Rule.

2. Configure rule information

On the Create Rule page, you can configure the following parameters:

Parameter Description
Protocol Type Supports TCP and UDP. 
Protected Port
The port used to forward traffic. You can add it by "Port" or "Port Range".  
Note: 
1. Ports number 80, 8080, 443, 8443 and 65535 are not supported here, you can configure them in the menu of 'Domain Settings'.
2. The same protocol cannot share the same port number. You should configure a different port number if using the same protocol. 
3. For each rule, port range cannot exceed 10 ports. 
Origin Port The port of the origin server. Origin port range should be the same as protected port range. For example: If protected port range is 1000-1001, the origin port range should be set to 1000-1001 by system.
Back-to-Origin Mode
Supports Fast, Polling, and Hash. 
Algorithm:
- Fast:  Focus on servers' response speed, the capacity to handle traffic to ensure high performance and high availability services.
- Polling: Distribute requests across multiple servers in a circular order to ensure each server gets an equal opportunity to respond to them. 
- Hash: Distribute requests among processing servers by computing hash values. 
Origin IP/Domain  The IP address/Domain name of the origin server.

You also can batch create the rules by clicking Create Rule > Batch Create. There are two ways can be used:

  • Enter rules in the dialog box. Remember to break lines for different rules.

Example: TCP 101 101 1 1.1.1.1;2.2.2.2, from left to right: protocol type(TCP/UDP),protected port/port range, origin port/port range,back-to-origin forwarding mode(1:fast,2:polling,3:hash),origin IPs/domains (Separate mutiple IPs/domains with space).

  • Import .txt file. The format is same as the above example.

3. Confirm rule deploy status

  1. Go back to the Port Configuration page
  2. Check Deploy Status: After the rule is created and issued, the Deploy Status of the configuration will first be displayed as “Deploying”, after the rule takes effect, it will be updated to “Deployed Successfully”.

Step2: Enable Non-website protection

After port forwarding rule is created and deployed successfully, you should set the DNS resolution of the service domain name to a CNAME record, to enable the Non-website protection service. The value of CNAME is shown at the top of the rule list:
[Feature Upgrade] Advanced Access Control