By Thomas Poon, Solutions Architect
After successfully building your website, web application, or mobile applications, you need to carefully consider how you would launch your product. This may include network considerations as well as security considerations.
In particular, you may be concerned about protecting your websites or apps against external threats, such as DDoS attacks. While DDoS attacks typically do not sacrifice data privacy, it will make your application unresponsive or even forcing your internet service provider to "blackhole" the whole website.
In this article, I'll show you how to use Alibaba Cloud's Anti-DDoS Premium to protect your critical assets against DDoS attacks. I'll also show you how to accelerate access for Mainland China users to your application hosted outside Mainland China, such as Singapore and Hong Kong, with the new Mainland China Acceleration (MCA) service.
I will be combining several Alibaba Cloud products, including Anti-DDoS Premium, Domain Name Service (DNS), and Object Storage Service (OSS).
The following will be a step-by-step explanation about how to configure the whole setup in under 30 minutes.
We have set up an internet accessible website, hosted on Alibaba Cloud OSS: http://websitetemplate.oss-cn-hongkong.aliyuncs.com
For this tutorial, we'll imagine this is our original website that we wish to protect and accelerate.
Access the Anti-DDoS Premium console, purchase the Anti-DDoS Premium service together with the Mainland China Acceleration instance (you may contact Alibaba Cloud to assist you).
Now we can start configuring the Anti-DDoS + MCA services. Click Provisioning -> Add Website
Complete the setup as below :
Website domain: demo.alibabacloudhk.com (we want end user to use this domain name to access)
Protocol : HTTP (it also supports web socket)
Origin Server : websitetemplate.oss-cn-hongkong.aliyuncs.com (this is our website)
Then click Add Website
The DDoS protection setup is almost complete. Click Return to Website List
You will be able to see that the Domain is configured to Anti-DDoS and MCA instance IPs.
Next we will configure the MCA, so that for China Mainland users will use the MCA first, and fail-over to Anti-DDoS IP if MCA is under attack.
Switch to the Security Traffic Manager tab and click Add Rule
Add the MCA rule in which the MCA IP has a high priority and the Anti-DDoS IP is low Priority.
The Security Traffic Manager will generate a CNAME record, which is responsible for the traffic fail-over between the MCA IP and then Anti-DDoS Premium IP address if necessary.
Now we will configure the DNS service, so the user will be able to resolve demo.alibabacloudhk.com to MCA and Anti-DDoS Premium.
Go to the Alibaba Cloud DNS service console. Under Domains, click on your domain name.
Click Add Record, and then set the demo.alibabacloudhk.com as CNAME "58nz89begh5mzq5d.scommander.com"
You can find any machine located in China, to ping the hostname, you will find the hostname will first resolved to the CNAME, and then connect to the MCA with extremely fast speed ( ~ 31ms from Shanghai to Hong Kong ).
The procedures just configured the following architecture.
Now your website is protected by Alibaba Cloud's Anti-DDoS Premium service, and accelerated to Mainland China users as well.
Technical Analysis of the Alibaba Cloud Self-Diagnostic System
2,599 posts | 762 followers
FollowAlibaba Clouder - June 12, 2019
Thomas KW Poon - March 11, 2020
Thomas KW Poon - February 23, 2021
Alibaba Clouder - April 8, 2021
Alibaba Clouder - June 26, 2019
Alibaba Clouder - June 13, 2019
2,599 posts | 762 followers
Follow
WAF(Web Application Firewall)
A cloud firewall service utilizing big data capabilities to protect against web-based attacks
Learn More
OSS(Object Storage Service)
An encrypted and secure cloud storage service which stores, processes and accesses massive amounts of data from anywhere in the world
Learn MoreMore Posts by Alibaba Clouder
