All Products
Search
Document Center

Anti-DDoS:Configure a health check

Last Updated:Feb 22, 2024

Anti-DDoS Pro and Anti-DDoS Premium provide Layer 4 and Layer 7 health checks for protected non-website services. The health check feature is suitable for services that have more than one origin server IP address. This feature is used to check the availability of the backend servers. After you add a port forwarding rule to Anti-DDoS Pro or Anti-DDoS Premium, you can enable the health check feature for the forwarding rule.

Prerequisites

  • A port forwarding rule for a non-website service is configured on the Port Config page.

    For more information, see Configure port forwarding rules.

  • The IP addresses of origin servers are configured in the port forwarding rule.
    Important If you configure only one IP address of the origin server in a port forwarding rule, we recommend that you do not enable the health check feature.

Background information

The health check feature is suitable for services that have more than one origin server IP address. When Anti-DDoS Pro or Anti-DDoS Premium forwards traffic to backend servers, this feature verifies the availability of the backend servers. Therefore, traffic is forwarded to healthy backend servers to ensure that the services properly run. For more information, see Health check overview.

Enable the health check feature

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. On the Port Config page, select the instance, find the forwarding rule that you want to manage, and then click Change in the Health Check column.
    Note To configure the health check feature for more than one forwarding rule at a time, you can select the rules and choose Batch Operations > Create Session Persistence/Health Check Settings. For more information, see Configure session persistence and health checks for more than one forwarding rule.
    Health Check
  5. In the Health Check dialog box, configure the parameters and click Complete.Health Check
    Anti-DDoS Pro or Anti-DDoS Premium allows you to configure Layer 4 and Layer 7 health checks. The following table describes the parameters.
    Note You can configure advanced options for Layer 4 and Layer 7 health checks. You must click Advanced Settings to show advanced options. We recommend that you do not modify the advanced options.
    TypeParameterDescription
    Layer 4 Health CheckPortThe port that the health check feature uses to communicate with the backend server. Valid values: 1 to 65535. By default, the backend port configured for a listener is used.
    Note The Layer 4 health check is suitable for TCP and UDP forwarding rules.
    Layer 7 Health CheckDomain and PathDuring a Layer 7 health check, Anti-DDoS Pro or Anti-DDoS Premium sends an HTTP HEAD request to the default homepage of the origin server.
    Note The Layer 7 health check is suitable only for TCP forwarding rules.

    If you do not want to use the default homepage of the origin server for health checks, you must specify a domain name and a path of the page that you want to check.

    If you have limited the host field for the HTTP HEAD request, you need only to specify a URI for health checks. The Domain parameter is optional. The default value is the IP address of the backend server.

    PortThe port that the health check feature uses to communicate with the backend server. Valid values: 1 to 65535. By default, the backend port configured for a listener is used.
    Advanced SettingsResponse Timeout PeriodThe timeout period of a health check. Valid values: 1 to 30. Unit: seconds. If the backend server does not respond within the specified timeout period, the backend server is unhealthy.
    Check IntervalThe interval between two consecutive health checks. Valid values: 1 to 30. Unit: seconds.
    Note Each scrubbing node in the Anti-DDoS Pro or Anti-DDoS Premium cluster performs health checks on backend servers at the specified interval independently and concurrently. The scrubbing nodes may perform health checks on the same backend server at different points in time. Therefore, the health check records on the backend server do not indicate the time interval specified for the health check.
    Unhealthy ThresholdThe number of consecutive failed health checks performed on a backend server by the same scrubbing node before the backend server is declared as unhealthy. Valid values: 1 to 10.
    Healthy ThresholdThe number of consecutive successful health checks performed on a backend server by the same scrubbing node before the backend server is declared as healthy. Valid values: 1 to 10.
    After the health check feature is enabled, Enabled appears in the Health Check column for the forwarding rule.Enabled

Configure session persistence and health checks for more than one forwarding rule

  1. Log on to the Anti-DDoS Pro console.

  2. In the top navigation bar, select the region of your asset.

    • Anti-DDoS Proxy (Chinese Mainland): If your instance is an Anti-DDoS Pro instance, select Chinese Mainland.

    • Anti-DDoS Proxy (Outside Chinese Mainland): If your instance is an Anti-DDoS Premium instance, select Outside Chinese Mainland.

    You can switch the region to configure and manage Anti-DDoS Pro or Anti-DDoS Premium instances. Make sure that you select the required region when you use Anti-DDoS Pro or Anti-DDoS Premium.

  3. In the left-side navigation pane, choose Provisioning > Port Config.

  4. On the Port Config page, select the instance that you want to manage and choose Batch Operations > Create Session Persistence/Health Check Settings.Create Session Persistence/Health Check Settings
  5. In the Create Session Persistence/Health Check Settings dialog box, enter the required information as shown in the sample file and click OK.Session Persistence/Health Check Settings
    Note You can export health check settings to a TXT file, modify the settings in the TXT file, and then copy and paste the settings to the Create Session Persistence/Health Check Settings dialog box. For more information, see Export multiple port configurations.

    The formats of session persistence and health check settings must meet the following requirements:

    • Each line represents a forwarding rule.
    • From left to right, the fields in each forwarding rule indicate the following parameters: forwarding port, forwarding protocol, session persistence timeout period, health check type, port, response timeout period, check interval, unhealthy threshold, healthy threshold, path, and domain name. The supported forwarding protocols are TCP, HTTP, and UDP. The session persistence timeout period is measured in seconds, and the valid value ranges from 30 to 3600. Fields are separated by spaces.
    • Forwarding ports must be the ports that are specified in forwarding rules.
    • If a forwarding rule uses UDP, we recommend that you configure a UDP health check. If a forwarding rule uses TCP, we recommend that you configure a TCP health check (Layer 4 health check) or HTTP health check (Layer 7 health check).
    • If you configure an HTTP health check, the Path parameter is required, but the Domain parameter is optional.