User Tools

Site Tools


ddos

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
ddos [2014/06/03 13:35]
Francisco Dias [What types of floods does it protect against?]
ddos [2016/05/08 02:24] (current)
Francisco Dias [What subnets does the the Layer 7 protection use?]
Line 13: Line 13:
 ===== How much filtering is provided? ===== ===== How much filtering is provided? =====
  
-We provide ​up to 8,​000,​000 ​packets-per-second of filtering or 20gbit/sec for volumetric floods.+We provide ​over 140 million ​packets-per-second of filtering or over 100gbit/sec for volumetric floods.
  
 This amount of protection is **not** dedicated to you but is a pool all protected users share from in each location. This amount of protection is **not** dedicated to you but is a pool all protected users share from in each location.
Line 61: Line 61:
 In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood In some cases we can get custom rules put in place to help, so be sure to let us know if you see a flood
 passing through. passing through.
 +
 +===== What extra features do you include? =====
 +
 +You can configure your DDOS protection to your preferred mode within Stallion:
 +
 +{{:​ddos1.png?​400|}} {{:​ddos2.png?​400|}}
 +
 +In ''​sensing mode'',​ no filters/​blocks are put in place until a DDOS attack is detected. Be aware that this mode isn't perfect and leaks can happen. When a flood is detected, or if you use ''​always on''​ mode, the following ACL's are enforced:
 +
 +{{:​voxacl.png|}}
 +
 +These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.
 +
 +===== What subnets does the the Layer 7 protection use? =====
 +
 +Layer 7 protection connections will come from the following subnets.
 +
 +
 +| 93.115.83.64/​26 |
 +| 93.115.90.64/​26 |
 +| 5.254.88.64/​26 |
 +| 5.254.110.0/​26 |
 +| 5.254.107.0/​26 |
 +| 5.254.115.128/​26 |
 +| 5.254.108.64/​26 |
 +
 +You'll need to configure your webserver to assign the users connecting IP from the ''​X_FORWARDING_FOR''​ field. In ''​NGINX''​ you'll want to use a setup like:
 +
 +<​code>​
 +
 +set_real_ip_from 93.115.83.64/​26;​
 +set_real_ip_from 93.115.90.64/​26;​
 +set_real_ip_from 5.254.88.64/​26;​
 +set_real_ip_from 5.254.110.0/​26;​
 +set_real_ip_from 5.254.107.0/​26;​
 +set_real_ip_from 5.254.115.129/​26;​
 +set_real_ip_from 5.254.108.64/​26;​
 +real_ip_header X-Forwarded-For;​
 +
 +</​code>​
 +
 +For Apache 2.2 you'll have to install [[https://​github.com/​gnif/​mod_rpaf|mod_rpaf]] to do this for you. 
 +
 +For Apache 2.4 you'll want to install ''​mod_remoteip''​. You'll want to configure ''​mod_remoteip''​ the following way:
 +
 +<​code>​
 +
 +RemoteIPHeader X-Real-IP
 +RemoteIPInternalProxy 93.115.83.64/​26
 +RemoteIPInternalProxy 93.115.90.64/​26
 +RemoteIPInternalProxy 5.254.88.64/​26
 +RemoteIPInternalProxy 5.254.110.0/​26
 +RemoteIPInternalProxy 5.254.107.0/​26
 +RemoteIPInternalProxy 5.254.115.129/​26
 +RemoteIPInternalProxy 5.254.108.64/​26
 +
 +</​code>​
 ===== Is there an SLA? ===== ===== Is there an SLA? =====
  
 Our filtering carries a 99.9% uptime SLA. Our filtering carries a 99.9% uptime SLA.
  
-This SLA does not cover users getting application layer floods ​or floods that far exceed the above specifications (read: Don't expect credit just because you got a 20gbit/sec+ flood). +This SLA does not cover users getting application layer floods.
 ===== Where can I order a DDOS protected IP address? ===== ===== Where can I order a DDOS protected IP address? =====
  
-While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'Aegis DDOS protection'​ field.+While at checkout, or on the product upgrade page, simply enter how many protected IP addresses you want in the 'DDOS protection'​ field.
  
 ===== How long do I have to wait to be activated? ===== ===== How long do I have to wait to be activated? =====
ddos.1401827730.txt.gz · Last modified: 2014/06/03 13:35 by Francisco Dias