Skip to content

TCP/UDP Forwarding

Layer 4 Access

After activating the service, log in to the Cloud Protection console, navigate to 【Layer 4 Defense】->【Forwarding Rules】 to add domains. Rule additions will deploy configurations to Cloud Protection nodes without directly affecting your live network operations. To officially enable Cloud Protection, CNAME configuration is required. For specific steps, refer to Configure CNAME.

Forwarding Rules

On the Forwarding Rules page, click 【Add Rule】. As shown below:

Configuration Details:

​Instance:​
Select a purchased plan from the dropdown menu. Multiple orders may have multiple instances—ensure you choose the correct one for addition (contact sales for plan options).

​Forwarding Protocol​

  1. Choose either TCP or UDP protocol.
    Select TCP for TCP protocols and UDP for UDP protocols.

​Forwarding Port​

  1. This port is for external access.
  2. Users can customize ports (e.g., 8080, 8443). Notes:
  3. Port range: 1–1000.
  4. Certain ports used by Cloud Protection services are unsupported (e.g., 22, 25, 75, 76, 77, 161).

​Origin Address​

  1. The origin address can be a domain or IP, with multiple origin addresses allowed. TCP/UDP protection typically uses IPs.
  2. Domain length must not exceed 50 characters.
  3. Domains can be subdomains (e.g., a.test.com, a.b.test.com) or wildcard domains (e.g., *.test.com, *.a.test.com).

​Origin Port​

  1. This port is for origin return.
  2. Users can customize ports (e.g., 8080, 8443). Notes:
  3. Port range: 1–1000.

​Session Persistence​

  1. Keep the default setting.

​Proxy Protocol​

  1. To obtain the client's real IP, enable this and configure the origin address with PP protocol. Otherwise, Cloud Protection nodes will report errors.

​Rate Limiting​

  1. Enter 1 for 1 request/second or 5 for 5 requests/second. Adjust for attack frequency.

Completion

Click 【Submit】 to finish adding domains. Allow 5–10 seconds for configurations to deploy to Cloud Protection nodes.
Note:
After completion, Cloud Protection will assign a CNAME address. You must configure the CNAME for the service to take effect.

For details, see CNAME Configuration.