Link11’s Web DDoS Protection is an integral part of the Web Security Suite and protects you based on an always-on principle.
It’s completely automated and responds to potential online threats around the clock.
Many digital service providers have their web applications hosted by external cloud providers in order to save the costs of their own infrastructure. The problem: protecting digital assets is often not a priority for many cloud providers. A concentrated DDoS attack can have serious consequences, especially for providers of web shops during large shopping events.
DDoS threats to your web applications include the following:
Unavailability of services: Networks are overloaded with high numbers of attacks until performance degrades or your own offering is no longer accessible at all.
Disruption of API interfaces: The Kubernetes clusters used by the service are disrupted, so that the services offered can no longer update as desired.
Blocking of cloud services: The direct connection to linked services is disrupted to such an extent that no reliable synchronisation can take place – the loss of important data is imminent.
If a DDoS attack hits a target that is only inadequately protected, operators must expect noticeable damage in many cases. High revenue losses due to inaccessible services are the usual consequence, and the associated loss of image due to dissatisfied customers can have an even more serious impact in the long term.
How the Link11
DDoS Web technology works
Link11’s Web DDoS protection solution is based on Layer 7 reverse proxy technology. This means that client requests are
redirected via a system based on a web resource, which then initiates the connection to the actual destination. This redirection is
done by changing the corresponding DNS record of the web application to the IP address provided by Link11, thus
providing an additional layer of protection.
To ensure increased security, the Web DDoS technology is divided into multiple instances, each of which acts as its own
dedicated IP address. Each instance is operated in a Link11 scrubbing center to better counter a large volume attack.
Our technology also effectively protects Link11 customers from HTTP-based attacks (Layer 7).
For this, a separate domain-specific x.509 certificate must be uploaded within the web DDoS protection and the special TLS termination must be switched on. This allows all TLS connections to be analyzed and decrypted. Traffic is then checked for DDoS attacks, re-encrypted and finally forwarded to the Origin server.
DDoS detection and protection measures
As soon as a certain number of accesses overwhelms and paralyzes the backend system, we call it a DDoS attack.
Our DDoS protection includes various measures that prevent this condition from ocurring:
The technology checks the response times and HTTP 50x error messages reported by the backend and automatically launches defense algorithms if anomalies are detected.
The defense mechanism works internally, using a scoring system that evaluates the anomalies and, once a certain threshold is reached, starts blocking IP addresses with conspicuously high scores.
The points allocation and the resulting implementation of the blockade work dynamically.
Your Link11 Dashboard
A glance at the interface reveals the strength of your DDoS protection.
The Dashboard via DNS forwarding provides you with individual insight into the real-time analysis of the
data traffic. It furthermore shows DDoS attacks that have been fended off and their origin, the server availability, and measurement
results concerning current server response times. Moreover, individual countries can be blocked in the Dashboard.
The reports enable the scheduled generation of customized reports in a management overview. The reports can automatically be sent at regular intervals. All settings configured by the administrators in the user interface can be tracked and corrected ad hoc.
An alert function can notify the user about urgent threats by means of text messages. For every blocked connection, the blocking list indicates the reason for the filtering, the place of origin, and the duration of the connection. In this blocking list, blocked connections can also be unblocked for future connection attempts.
The Diagnosis Dashboard features general DDoS information and draws attention to current threats. Additionally, a DDoS alert system and a DDoS traffic display provide a quick overview of the current security status. The settings area enables the adjustment of the granularity of the smart DDoS filter and the configuration of settings for approved and unwanted access by means of blacklists and whitelists.
The whitelist makes it possible to setup permanent access for systems whose behavior deviates greatly from that of a normal user. For example, approved Internet crawlers are identified, and the compatibility with standard search engines, approved advertising bots, and administrators is guaranteed.
Why Product Managers choose Link11
Jochen Weper (Product Manager) from Arvato Systems talks about the results after implementing Link11’s security solution. The result: a general decrease in DDoS attacks and immediate mitigation in case of emergency.
WEB DDOS PROTECTION
You would like to learn more
about Web DDoS protection?
Then please contact us personally and we will answer all your open questions.
The Link11 Web DDoS Protection solution is part of the Web
Security Suite, which includes a variety of add-on
modules that reliably secure your web applications from attacks.
To learn more about Link11’s Web Security Suite and its
features, visit the overview page.