Advanced DDoS Mitigation
For clients requiring added network protection, we offer Advanced DDoS Protection for detecting and blocking attacks on the application level (L7).
How It Works
L7 protection is provided by proxying requests to client applications through a filtering system that analyzes and cleans traffic.
Clients who order Advanced DDoS Protection are given 2 IP addresses. The first address (let’s say 184.108.40.206 for this example) is registered by the client on their side, and the second (we’ll say 220.127.116.11) is registered on the filtration side. The client then has to add the corresponding DNS record, for example:
www.example.com A 18.104.22.168
If the client uses an SSL certificate, they will also have to disclose their key.
All incoming Internet traffic enters 22.214.171.124, is analyzed and cleaned, and then gets forwarded to 126.96.36.199.
All outgoing traffic from 188.8.131.52 also passes through the filtering system and can be traced from 184.108.40.206:
The hardware and software based filtering system includes tools for balancing loads and raising fault-tolerance. Let’s say we have an application that is accessible from the Internet at www.site.com.
The application’s backend is spread across multiple servers that are connected to the system:
The load balancer passively monitors backend servers: it doesn’t open any new connections or query the application, but instead snoops on responses to the client. For example, if the client requests specific content and the response contains an error message, then the system can draw a conclusion regarding the server’s availability or ability to process requests. The load balancer can also invoke additional monitoring and send its own requests to the application. If these requests are processed with an error, the server will be considered unavailable and all of its requests will be forwarded to a neighboring server.
Load balancing uses a Round Robin algorithm by default, but other algorithms and methods can be implemented if necessary.
How to Order
The service can be ordered from our control panel. Our tech support staff will send you a questionnaire where you can describe your exact security requirements. We’ll develop the optimal defense strategy based on this information and your project’s specifications.
Advanced DDoS Protection is enabled within one to two days, all you have to do is add the required DNS records.
Two factors are considered when calculating the service cost: the number of protected applications and the amount of traffic filtered.
- Service setup — free
- Application security (per app) — 15 000 rubles/month (per application)
- Filtered traffic — current Anti DDoS prices