This addon provides you with an affordable source of Denial Of Service protection.
If you don't know what this is, nor have you been sent an email regarding a nullroute being applied against your IP, it's unlikely you need this :)
Protected IP addresses cost $3.00/month per IP address in all locations we operate.
We provide over 140 million packets-per-second of filtering or over 100gbit/sec for volumetric floods.
This amount of protection is not dedicated to you but is a pool all protected users share from in each location.
Here is an exhaustive list of floods that our filtering helps protect against:
As well as many others. Some protection may require a ticket to be enabled, namely some of the HTTP layer 7 protection.
In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood passing through.
You can configure your DDOS protection to your preferred mode within Stallion:
sensing mode, no filters/blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use
always on mode, the following ACL's are enforced:
These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.
Layer 7 protection connections will come from the following subnets.
You'll need to configure your webserver to assign the users connecting IP from the
X_FORWARDING_FOR field. In
NGINX you'll want to use a setup like:
set_real_ip_from 126.96.36.199/26; set_real_ip_from 188.8.131.52/26; set_real_ip_from 184.108.40.206/26; set_real_ip_from 220.127.116.11/26; set_real_ip_from 18.104.22.168/26; set_real_ip_from 22.214.171.124/26; set_real_ip_from 126.96.36.199/26; real_ip_header X-Forwarded-For;
For Apache 2.2 you'll have to install mod_rpaf to do this for you.
For Apache 2.4 you'll want to install
mod_remoteip. You'll want to configure
mod_remoteip the following way:
RemoteIPHeader X-Real-IP RemoteIPInternalProxy 188.8.131.52/26 RemoteIPInternalProxy 184.108.40.206/26 RemoteIPInternalProxy 220.127.116.11/26 RemoteIPInternalProxy 18.104.22.168/26 RemoteIPInternalProxy 22.214.171.124/26 RemoteIPInternalProxy 126.96.36.199/26 RemoteIPInternalProxy 188.8.131.52/26
Our filtering carries a 99.9% uptime SLA.
This SLA does not cover users getting application layer floods.
While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection' field.
DDOS protected IP's are automatically bound at order time. Ordering them at any other time will take anywhere from 5 minutes to a few hours depending on the time of day.
You can find your IP address listed in Stallion.