Skip to main content

DDoS-Guard website protection and acceleration

Last update:

Web site protection and acceleration — a solution based on a partner product from DDoS-Guard.

The service allows you to block attacks on web applications and sites, and accelerate your application or site using CDN and load balancing.

The service can be activated together with DDoS-Guard L3-L4 DDoS Protection service or separately.

Principle of operation

When ordering the service, you are given a protected address to which you need to redirect your traffic. All traffic to the protected address is sent to DDoS-Guard filtering nodes, where it is analyzed and cleaned, and then redirected to the protected server in Selectel infrastructure.

The protection works with HTTP and HTTPS requests only on ports 80 and 443, requests on other ports are not processed.

Connecting the service will not protect against DDoS attacks if the attackers know the target IP address.Before connecting, you should remove from external resources all mentions of IP addresses you want to protect.If the addresses are already under attack, you should order a new subnet and configure it on your servers.

Cost

The following tariffs are available for ordering the service: Normal, Medium, Premium, Enterprise.Their main differences:

  • number of protected domains;
  • number of servers for load balancing;
  • number of rules to restrict access by IP addresses.You can purchase an additional set of rules for any tariff via ticket;
  • the ability to flexibly customize filtering rules.

The filter bandwidth and traffic volume, including legitimate traffic, are not limited.

You can see a detailed comparison of tariffs and their costs at selectel.ru.

A single balance or a basic balance is used to pay for the service depending on the type of balance in the account.

The service is paid monthly.When ordering the service, the payment for the first period is deducted from the balance, further payments are deducted automatically at the beginning of each following month.

Connect the service

The minimum term of connection is 1-2 days.If the connection of protection is required urgently — create a ticket, in it specify the domain and IP-address to be protected, and email for registration in the DDoS-Guard personal cabinet.After creating a ticket , call us.

  1. If the IP address of the domain is already known to attackers, order and configure a new subnet.
  2. Order DDoS-Guard website protection and acceleration service.
  3. Specify a protected address in the domain's A-record.
  4. Optional: configure additional protection.

1. Order and configure a new subnet

A new subnet is required if your servers are already under attack, i.e. the target IP address is already known to the attackers.

Order a subnet and configure the address from it on the server:

2. Order a service

  1. In the control panel, click Products in the top menu and select DDoS Protection.

  2. Click Order Services.

  3. In the line of the desired tariff DDoS-Guard. Web Protection and Acceleration (Normal, Medium, Premium, Enterprise), click Pay.

  4. Check the data.

  5. Click Pay for Services.

  6. We will create and send a service order ticket.

  7. In this ticket, send us:

    • a domain that needs to be put under protection;
    • Domain IP address.You can specify multiple IP addresses if they point to the same domain and you want load balancing between them;
    • email to register in the DDoS-Guard personal cabinet.
  8. We will process the order and send you login details for DDoS-Guard to the email you specified in the ticket at step 7. Connection takes up to one business day.

3. Specify a secure IP address in the domain A record

  1. Go to your DDoS-Guard personal cabinet.
  2. Enter the login and password you received by email when ordering the service.
  3. Open the Site Protection and Acceleration service page.
  4. Open the Domains tab.
  5. In the Protected IP field, copy the protected IP address.
  6. Go to your domain registrar's control panel where your domain records are stored.
  7. In A-records, change the value to the secure IP address you looked up in your personal account.If the A-record is not for web traffic, such as a mail or FTP server, do not change its value.
  8. If AAAA records are specified for the domain, delete them.DDoS-Guard does not work with IPv6 addresses, they can be attacked to bypass the protection.
  9. If you want to protect subdomains, add an A-record with a protected IP address for each.You can protect an unlimited number of subdomains.

4. Optional: configure additional protection

You can configure additional security.For example:

  • prohibit connection to the server from all IP addresses except DDoS-Guard trusted IP addresses.For more details on configuration, see the Firewall Configuration subsection of the Configuring L7 level protection instructions in the DDoS-Guard documentation.

  • Set up traffic filtering rules, enable geo-blocking or other options.Read more about possible settings in the Site Protection section of the DDoS-Guard documentation.

To configure additional protection:

  1. Go to your DDoS-Guard personal cabinet.
  2. Enter the login and password you received by email when ordering the service.
  3. Make the necessary settings.

Deactivate the service

  1. Make sure that you have reconfigured traffic reception to an address from your subnet.The protected address issued when you connected the service will be deactivated along with the protection.
  2. Go to your domain registrar's control panel where your domain records are stored.
  3. In the domain A record, change the value to an address from your subnet.
  4. In the Control Panel, click Products in the top menu and select DDoS Protection.
  5. Go to the DDoS Protection section.
  6. From the menu of the service, select Disable Monthly Payment.