This page guides you to add your domain and configure security policies to quickly start your websites protection. The security capabilities includes DDoS Protection, Web Application Firewall, Bot Management, and API Protection, which can provide a unified and comprehensive solution for your websites.

Preparations

1. Flood Shield 2.0 service has been purched and enabled.
2. The resource has been applied and deployed by CDNetworks Technical Support.
3. CDNetworks account has been created.
4. Log in to the CDNetworks Console, find Flood Shield 2.0 in use under Subscribed Products, and Click to enter.

Step1: Add your domain

1. Create the domain

1. Navigate to the Domain Settings.
2. Click Create New Domain.

2. Configure domain information

Contract-item
Choose the product and contract associated with the new domain. Once the domain is added, it will automatically be assigned to the contract control group.

Domain Type
Choose Domain or Domain Alias (a substitute name for a domain, typically used to point multiple domains to the same network service or website).

Customized Control Group
A customized control group is a collection of domains you select. By choosing a customized control group, the newly added domain is included in this collection. With the domains in the same control group, you can manage these domains and view their analysis data by selecting control group.

Domain

• Acceleration domains generally use subdomains or wildcard domains. For example, *.cdnetworks.com is a wildcard domain, console.cdnetworks.com, and www.cdnetworks.com are its subdomains or second-level domains, cdn.console.cdnetworks.com is a third-level domain.
• If you need to add a wildcard domain, please enter .cdnetworks.com, for example. Once the wildcard domain is created, CDNetworks will by default also provide acceleration services for second-level domains under the wildcard domain, but not for third-level domains, which need to be added separately.
• Wildcard domains and subdomains must be under the same account.

Back-to-Origin IP/Domain

• Own Origin: Enter either IP or domain, choose one.
  • Back-to-Origin IP: Support for entering up to 64 IPs, separated by ;. Supports IPv4 and IPv6.
  • Back-to-Origin Domain: Only one domain can be configured.
• WCS Origin: Customers using CDNetworks object storage as the origin can directly choose to go back to the WCS origin by clicking on WCS origin.

Operation

• Delete: Remove the corresponding domain configuration.
• Back-to-Origin Detection: Enter a URL to verify the origin’s availability. This test is triggered once upon clicking “Detect” and is not performed periodically.
• Add: Add a new domain configuration.
• Batch Add: Allows the addition of multiple domains with the same back-to-origin IP/Domain in bulk.

Up to 300 domains can be added at once, separated by line breaks; multiple back-to-origin IPs can be added, separated by ;.

Acceleration Region
If the contract’s region includes China, an Acceleration Region option will appear. Select Including Mainland China or Excluding Mainland China based on the domain’s required service area.

• Selecting Including Mainland China means prioritizing Mainland China nodes in the CDN acceleration service. According to the Ministry of Industry and Information Technology regulations, the domain must pass a filing review. Upon domain addition submission, the system also conducts a filing check. For details, see the “Submit Configuration” section below.
• Selecting Excluding Mainland China means the system will not perform a filing check, and Mainland China nodes will not provide acceleration services for the domain.

Acceleration Configuration

• Copying settings from an existing domain: Add your domain Certificate and select an existing domain as a reference, applying its configuration to the new domain.

Tips:
These configurations cannot be applied to the new domain by referencing an existing domain: Basic Origin, Advanced Origin, Back-to-Origin Request Host, Back-to-Origin Request Port, Forward Client IP.
After selecting a domain, you can view its current configurations. This view only displays general console configurations. For special configurations done by technical support, please contact technical support.

• Customized settings: Add your domain Certificate and select a Resouce Group to apply

Resource Group is used for resource isolation. A scenario is if a domain in a IP group is attacked, the domain of other IP groups will not be affected. If you need this function, please firstly contact technical support for resource apply.

3. Submit configuration

After you have completed setting the configurations, please click Submit to submit your configuration.

If you selected Including Mainland China for the Acceleration Region, the system will perform a ICP filing check on the domain you submitted.

• If the ICP filing check is passed, it will show “with ICP filing”. You can select all filed domains and click Submit to submit the configuration.
• If the ICP filing check is not passed, it will remind that the domain is “without ICP filing”. Please complete the domain’s ICP filing before submission; if you click Submit without completing the ICP filing, the configuration will be forwarded to manual review, and the domain status will show “Reviewing”. Domains under manual review, utilizing Mainland China acceleration services, will fail to be added if the manual review does not uncover ICP filling.

Tips: If the status of the newly added domain remains “Reviewing” for more than 5 minutes after submission, it may be due to the following reasons, please contact technical support for assistance.

• Domain for acceleration in China has not been filed, please file the domain first.
• The domain has special configurations that cannot be audited automatically.
• The main domain of the new domain already exists under another customer, causing a domain conflict.
• There is a configuration conflict between the new domain and the referenced domain.

4. Deploy on production

After the configuration review is passed, the platform will dispatch the domain configuration information to the online nodes and make it effective within 1~2 minutes, and the platform will also send an email notifying the successful addition of the new domain to your mailbox. You can also view the progress of adding a domain in the Domain Settings, where the status of Enabled indicates that the domain has been successfully added.

After deployment is effective, the system will assign a corresponding CNAME address to you, and you need to complete the CNAME configuration for the acceleration service to take effect. Refer to Configure the CNAME Record for details.

Step2: Configure security policy

1. Select hostname you want to protect

1. Navigate to the Securiy > Configurations > Policies.
2. Click +Protected Hostname.
3. Select hostnames you want to protect from existing hostnames using CDN service.
4. Click Next.

2. Select initial policies

1. Select the initial policies for the hostname, choose the method according to your needs:

   • Recommended default policies: Default configurations pre-built by the system, with protection capabilities that are ready to use out of the box. You can test and fine-tune these configurations according to your needs.
   • Duplicate policies from an existing hostname: Choose a hostname that has been added before as a reference. The newly connected hostname will use the same protection policies as the reference hostname.

-Tips: The automatically generated protection thresholds and rules dynamically generated by systems like recommendations of the WAF’s managed rule exception and Adaptive Protection for application layer DDoS protection will not be referenced.

2. Click Next.

3. Confirm initial policies

1. When you select Recommended default policies for policies initialization:

• If there are no special protection needs, you can keep the default policy, and then view the protection details through the report and logs to optimize the policy;
• If there are special protection needs, you can adjust the Mode or Action for different protection modules. Please refer to each policy configuration description:
  • Set the DDoS Protection Policies
  • Set Bot Management Policies
  • Set WAF Policies
  • Threat Intelligence

2. When you select Duplicate policies from an existing hostname to initialize the policies, confirm whether the policy of the reference hostname meets the expectations.
3. Click Next Step to finish security configuration, the protection will be issued.

4. Confirm configuration publishing status

1. Go back to the Policies page
2. Check Publishing Status: After the configuration is created and issue, the Publishing Status of the configuration will first be displayed as “Accessing”, then “Publishing”, after the configuration takes effect, it will be updated to “Success”.