Skip to main content

DDoS Guard website protection and acceleration

Last update:

Web site protection and acceleration — a solution based on a partner product from DDoS-Guard.

The service allows you to block attacks on web applications and sites, and accelerate your application or site using CDN and load balancing.

The service is provided independently and does not require the connection of a network-level protection service.

Principle of operation

When ordering the service, you are given a protected address to which you need to redirect your traffic. All traffic to the protected address is sent to DDoS Guard filtering nodes, where it is analyzed and cleaned, and then redirected to the protected server in Selectel infrastructure.

The protection works with HTTP and HTTPS requests only on ports 80 and 443, requests on other ports are not processed.

Connecting the service will not protect against DDoS attacks if the attackers know the target IP address. Before connecting, you should remove all references to IP addresses you want to protect from external resources. If the addresses are already under attack, you should order a new subnet and configure it on your servers.

Cost

The following tariffs are available for ordering the service: Normal, Medium, Premium, Enterprise. Their main differences:

  • number of protected domains;
  • number of servers for load balancing;
  • number of rules to restrict access by IP addresses. You can purchase an additional set of rules for any tariff through a ticket.

The filter bandwidth and traffic volume, including legitimate traffic, are not limited.

You can see a detailed comparison of tariffs and their costs at selectel.ru.

A single balance or a basic balance is used to pay for the service depending on the type of balance in the account.

The service is paid monthly. When ordering the service, the payment for the first period is deducted from the balance, further payments are deducted automatically at the beginning of each following month.

Connect the service

The minimum term of connection is 1-2 days. If you need protection urgently — create a ticket, specify the domain and IP address to be protected and your email for registration in the DDoS Guard personal cabinet. After creating a ticket , call us.

  1. If the IP address of the domain is already known to attackers, order and configure a new subnet.
  2. Order DDoS Guard website protection and acceleration service.
  3. Specify a protected address in the domain's A-record.
  4. Optional: additionally configure the protection.

1. Order and configure a new subnet

A new subnet is required if your servers are already under attack, i.e. the target IP address is already known to the attackers.

Order a subnet and configure the address from it on the server:

2. Order a service

  1. In the control panel, click Products in the top menu and select DDoS Protection.

  2. Click Order Services.

  3. In the line of the desired tariff DDoS Guard. Web Protection and Acceleration (Normal, Medium, Premium, Enterprise), click Pay.

  4. Check the data.

  5. Click Pay for Services.

  6. We will create and send a service order ticket.

  7. In this ticket, send us:

    • a domain that needs to be put under protection;
    • Domain IP address. You can specify multiple IP addresses if they point to the same domain and you want load balancing between them;
    • email to register in the DDoS Guard personal cabinet.

  8. We will process the order and send you login details for DDoS Guard to the email you specified in the ticket at step 7. Connection takes up to one business day.

3. Specify a secure IP address in the domain A record

  1. Go to your DDoS Guard personal account.
  2. Enter the login and password you received by email when ordering the service.
  3. Open the Site Protection and Acceleration service page.
  4. Open the Domains tab.
  5. In the Protected IP field, copy the protected IP address.
  6. Go to your domain registrar's control panel where your domain records are stored.
  7. In the A-records, change the value to the secure IP address that you looked up in your personal account. If the A-record is not for web traffic, for example, for a mail or FTP server, do not change its value.
  8. If AAAA records are specified for the domain, delete them. DDoS Guard does not work with IPv6 addresses, they can be bypassed.
  9. If you want to protect subdomains, add an A-record with a protected IP address for each. You can protect an unlimited number of subdomains.

4. Optional: further customize the protection

You can further customize the protection — for example, create flexible traffic filtering rules, enable geo-blocking and other options. For a list of additional options and instructions on how to configure them, see the DDoS Guard Protection and Site Acceleration section of the documentation.

  1. Go to your DDoS Guard personal account.
  2. Enter the login and password you received by email when ordering the service.
  3. Make the necessary settings.

Deactivate the service

  1. Make sure that you have reconfigured traffic reception to an address from your subnet. The protected address issued when the service was activated will be deactivated along with the protection.
  2. Go to your domain registrar's control panel where your domain records are stored.
  3. In the domain A record, change the value to an address from your subnet.
  4. In the control panel, click Products in the top menu and select DDoS Protection.
  5. Go to the DDoS Protection section.
  6. From the menu of the service, select Disable Monthly Payment.