This addon provides you with an affordable source of Denial Of Service protection.
If you don't know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it's unlikely you need this :)
Protected IP addresses cost $3.00/month per IP address in all locations we operate.
We provide over 140 million packets-per-second of filtering or over 100gbit/sec for volumetric floods.
This amount of protection is not dedicated to you but is a pool all protected users share from in each location.
Here is an exhaustive list of floods that our filtering helps protect against:
As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection.
In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through.
You can configure your DDOS protection to your preferred mode within Stallion:
In sensing mode
, no filters/blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use always on
mode, the following ACL's are enforced:
These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.
Layer 7 protection connections will come from the following subnets.
93.115.83.64/26 |
93.115.90.64/26 |
5.254.88.64/26 |
5.254.110.0/26 |
5.254.107.0/26 |
5.254.115.128/26 |
5.254.108.64/26 |
You'll need to configure your webserver to assign the users connecting IP from the X_FORWARDING_FOR
field. In NGINX
you'll want to use a setup like:
set_real_ip_from 93.115.83.64/26; set_real_ip_from 93.115.90.64/26; set_real_ip_from 5.254.88.64/26; set_real_ip_from 5.254.110.0/26; set_real_ip_from 5.254.107.0/26; set_real_ip_from 5.254.115.129/26; set_real_ip_from 5.254.108.64/26; real_ip_header X-Forwarded-For;
For Apache 2.2 you'll have to install mod_rpaf to do this for you.
For Apache 2.4 you'll want to install mod_remoteip
. You'll want to configure mod_remoteip
the following way:
RemoteIPHeader X-Real-IP RemoteIPInternalProxy 93.115.83.64/26 RemoteIPInternalProxy 93.115.90.64/26 RemoteIPInternalProxy 5.254.88.64/26 RemoteIPInternalProxy 5.254.110.0/26 RemoteIPInternalProxy 5.254.107.0/26 RemoteIPInternalProxy 5.254.115.129/26 RemoteIPInternalProxy 5.254.108.64/26
Our filtering carries a 99.9% uptime SLA.
This SLA does not cover users getting application layer floods.
While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection' field.
DDOS protected IP's are automatically bound at order time. Ordering them at any other time will take anywhere from 5 minutes to a few hours depending on the time of day.
You can find your IP address listed in Stallion.
Please abide by our Terms of Service and Acceptable Use Policy for a list of applications allowed on our network.
TL;DR Camfrog is fine.