User Tools

Site Tools


ddos

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
ddos [2015/04/04 13:03]
Francisco Dias [What extra features do you include?]
ddos [2016/05/08 02:24] (current)
Francisco Dias [What subnets does the the Layer 7 protection use?]
Line 74: Line 74:
 These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee. These ACL's are for the most part set in stone. We can request for ports to be opened but there is no guarantee.
  
 +===== What subnets does the the Layer 7 protection use? =====
 +
 +Layer 7 protection connections will come from the following subnets.
 +
 +
 +| 93.115.83.64/​26 |
 +| 93.115.90.64/​26 |
 +| 5.254.88.64/​26 |
 +| 5.254.110.0/​26 |
 +| 5.254.107.0/​26 |
 +| 5.254.115.128/​26 |
 +| 5.254.108.64/​26 |
 +
 +You'll need to configure your webserver to assign the users connecting IP from the ''​X_FORWARDING_FOR''​ field. In ''​NGINX''​ you'll want to use a setup like:
 +
 +<​code>​
 +
 +set_real_ip_from 93.115.83.64/​26;​
 +set_real_ip_from 93.115.90.64/​26;​
 +set_real_ip_from 5.254.88.64/​26;​
 +set_real_ip_from 5.254.110.0/​26;​
 +set_real_ip_from 5.254.107.0/​26;​
 +set_real_ip_from 5.254.115.129/​26;​
 +set_real_ip_from 5.254.108.64/​26;​
 +real_ip_header X-Forwarded-For;​
 +
 +</​code>​
 +
 +For Apache 2.2 you'll have to install [[https://​github.com/​gnif/​mod_rpaf|mod_rpaf]] to do this for you. 
 +
 +For Apache 2.4 you'll want to install ''​mod_remoteip''​. You'll want to configure ''​mod_remoteip''​ the following way:
 +
 +<​code>​
 +
 +RemoteIPHeader X-Real-IP
 +RemoteIPInternalProxy 93.115.83.64/​26
 +RemoteIPInternalProxy 93.115.90.64/​26
 +RemoteIPInternalProxy 5.254.88.64/​26
 +RemoteIPInternalProxy 5.254.110.0/​26
 +RemoteIPInternalProxy 5.254.107.0/​26
 +RemoteIPInternalProxy 5.254.115.129/​26
 +RemoteIPInternalProxy 5.254.108.64/​26
 +
 +</​code>​
 ===== Is there an SLA? ===== ===== Is there an SLA? =====
  
ddos.1428177780.txt.gz · Last modified: 2015/04/04 13:03 by Francisco Dias