1.3 Add forwarding rules

Add domain forwarding rules

Purchase high defense->Select “Huadong BGP Yangzhou” route high defense->Purchase successful->Details->IP Management->Manage. Configure domain forwarding policy, CC protection rules.

Add IP or TCP forwarding rules

Purchase high defense->Choose the corresponding line high defense->Purchase successful->Details->IP Management->Add IP->Confirm->High defense IP added successfully.

Click Rule Management----Add Rule, you can configure the forwarding rules of the high defense IP.

Note: 
Each high-defense IP can configure up to 50 forwarding rules, and up to 10 load mode rules can be configured.

Source mode:

• IP address: the source station is in the form of IP.

• Domain name: The source station is in domain name format, and the domain name needs to be normally resolved to the IP address.

  Note: Only Zaozhuang BGP High Defense supports two return source modes at the same time, other High Defense only supports the IP address return source mode

Load mode:

• No Load: High defense IP + port corresponds to source station IP + port for forwarding.
  • IP address return source: Each non-load forwarding rule can configure up to 1 source station.
  • Domain return source: Does not support configuration of non-load forwarding rules.
• Load: The traffic accessing high-defense IP + port is polled in the source station pool.
  • IP address return source: Each load forwarding rule can configure up to 31 source stations.
  • Domain return source: Each load forwarding rule can be configured with up to 8 source domain names.

Source Station IP Port: The real business server’s IP and port, which supports hosts from non-UCloud Global platforms. It is recommended to use a source station IP that has never been used before to access high defense, to avoid the exposure of the previous source station IP leading to hackers bypassing the high defense and directly attacking the source station.

Advanced settings: If it is not checked, you can only configure one-to-one IP forwarding between high defense IP and source station IP. After checking, you can configure TCP port forwarding between high defense IP and source station IP.

Protocol type:

• IP: High defense IP and source station IP carry out one-to-one IP forwarding.
• TCP: The high protection IP and the source station IP perform TCP port forwarding.

High Defense IP Port: The high defense IP and port that provide services to the outside world.

TOAID: The source station TOA module will get the user’s real IP from this ID through TCP option. The default value of the TOA module provided by UCloud Global is 200.

 TOA module installation method reference: https://docs.ucloud.cn/uantiddos/uads/faq/howtogetip

After configuring the subsequent forwarding rules. Switch the business to high defense IP or resolve the domain name to high defense domain name through cname’s way to complete the business switch.