<p class="shortdesc">若您的源站IP已泄露，您的网站可能被绕过高防IP直接被攻击，建议域名添加完成后更换源站IP，您可以通过NAT网关或ELB进行更换。</p> <section class="section" id="dc_ddos_cfg_0017__section_u34_y4b_1nb"><h2 class="doc-tairway">单台服务器ECS通过NAT网关更换源站IP</h2> <div class="p"> <ol class="ol" id="dc_ddos_cfg_0017__ol_bf1_bpb_1nb"> <li class="li">申请弹性公网IP，可参考弹性公网IP操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/EIP/og.EIP.createip" target="_blank">创建弹性公网IP实例</a>。</li> <li class="li">解绑您现有业务所使用NAT网关的弹性公网IP，该IP可能已泄露。可参考NAT网关操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/NAT_Gateway/quick_start.EIP_management.Unbind_IP" target="_blank">解绑弹性公网IP</a>。<div class="p"> <img class="image" id="dc_ddos_cfg_0017__image_as3_smy_dnb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-1d8d83b0921e.png" width="830"> </div></li> <li class="li">NAT实例绑定新申请的弹性公网IP，可参考NAT网关操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/NAT_Gateway/quick_start.EIP_management.Binding_IP" target="_blank">绑定弹性公网IP</a>。<div class="p"> <img class="image" id="dc_ddos_cfg_0017__image_gv1_1ny_dnb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-181667c798cc.png" width="830"> </div></li> <li class="li">配置NAT网关中的DNAT规则，可参考NAT网关操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/NAT_Gateway/quick_start.dnat.cdr" target="_blank">创建DNAT规则</a>。</li> <li class="li">切换到<a class="xref" href="https://www.ocftcloud.com/console/ddos" target="_blank">DDoS防护控制台</a>，在<span class="keyword wintitle">网站高防</span>页面目标网站域名<span class="ph uicontrol">操作</span>列单击<span class="ph uicontrol">编辑</span>，在<span class="keyword wintitle">编辑网站</span>页面，修改更换<span class="ph uicontrol">源站IP</span>为刚刚申请的公网IP即可。<figure class="fig fignone" id="dc_ddos_cfg_0017__fig_fdf_gr3_1nb"><figcaption xmlns:table="http://dita-ot.sourceforge.net/ns/201007/dita-ot/table" xmlns:dita-ot="http://dita-ot.sourceforge.net/ns/201007/dita-ot" class="figcap"><span class="figtitleprefix fig--title-label">图<span class="fig--title-label-number">1</span> </span>新申请的公网IP</figcaption> <img class="image" id="dc_ddos_cfg_0017__image_gdf_gr3_1nb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-131c4ae59c12.jpg" width="830"> </figure><figure class="fig fignone" id="dc_ddos_cfg_0017__fig_ksh_3r3_1nb"><figcaption xmlns:table="http://dita-ot.sourceforge.net/ns/201007/dita-ot/table" xmlns:dita-ot="http://dita-ot.sourceforge.net/ns/201007/dita-ot" class="figcap"><span class="figtitleprefix fig--title-label">图<span class="fig--title-label-number">2</span> </span>需更换的源站IP</figcaption> <img class="image" id="dc_ddos_cfg_0017__image_lsh_3r3_1nb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-154775209dd2.jpg"> </figure></li> </ol> </div> </section> <section class="section" id="dc_ddos_cfg_0017__section_sy2_fpb_1nb"><h2 class="doc-tairway">多台服务器ECS通过ELB更换源站IP</h2> <div class="p"> <ol class="ol" id="dc_ddos_cfg_0017__ol_gjs_gpb_1nb"> <li class="li">创建新的负载均衡实例，可参考负载均衡ELB操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/elb/manual.elbinstance.createpublicinstance" target="_blank">创建负载均衡实例</a>。<div class="note note note_note"><span class="note__title">说明：</span> 创建时应注意选择和现有ELB相同的地域、可用区和VPC信息。</div></li> <li class="li">在现有ELB实例中释放捆绑的监听器和服务器资源，可参考负载均衡ELB操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/elb/manual.listener.deletelistener" target="_blank">删除监听器</a>和<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/elb/manual.serverpool.deletepool" target="_blank">删除服务器资源池</a>。<div class="p"> <img class="image" id="dc_ddos_cfg_0017__image_y2s_g4y_dnb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-1c3de4e69715.png" width="830"> <img class="image" id="dc_ddos_cfg_0017__image_wv4_h4y_dnb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-13ecc4ff9cff.png" width="830"> </div></li> <li class="li">在新创建的负载均衡实例中配置监听器，及服务器资源池绑定应用主机，可参考负载均衡ELB操作指南中的<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/elb/manual.listener.createlistener.createtcplistener1" target="_blank">创建监听器</a>和<a class="xref" href="https://www.ocftcloud.com/ssr/help/network/elb/manual.serverpool.createpool1" target="_blank">创建服务器资源池</a>。</li> <li class="li">切换到<a class="xref" href="https://www.ocftcloud.com/console/ddos" target="_blank">DDoS防护控制台</a>，在<span class="keyword wintitle">网站高防</span>页面目标网站域名<span class="ph uicontrol">操作</span>列单击<span class="ph uicontrol">编辑</span>，在<span class="keyword wintitle">编辑网站</span>页面，修改更换<span class="ph uicontrol">源站IP</span>为刚刚创建ELB生成的公网IP。<figure class="fig fignone" id="dc_ddos_cfg_0017__fig_ytb_lr3_1nb"><figcaption xmlns:table="http://dita-ot.sourceforge.net/ns/201007/dita-ot/table" xmlns:dita-ot="http://dita-ot.sourceforge.net/ns/201007/dita-ot" class="figcap"><span class="figtitleprefix fig--title-label">图<span class="fig--title-label-number">3</span> </span>新申请的公网IP</figcaption> <img class="image" id="dc_ddos_cfg_0017__image_ztb_lr3_1nb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-1a52dd39975c.jpg" width="830"> </figure><figure class="fig fignone" id="dc_ddos_cfg_0017__fig_vdq_4r3_1nb"><figcaption xmlns:table="http://dita-ot.sourceforge.net/ns/201007/dita-ot/table" xmlns:dita-ot="http://dita-ot.sourceforge.net/ns/201007/dita-ot" class="figcap"><span class="figtitleprefix fig--title-label">图<span class="fig--title-label-number">4</span> </span>需更换的源站IP</figcaption> <img class="image" id="dc_ddos_cfg_0017__image_wdq_4r3_1nb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220811172415-154775209dd2.jpg"> </figure></li> </ol> </div> </section>