Our PCI compliant architecture enforces sanity, size, and time limits on all client requests. We automate the identification of network attacks, such as DOS and DDOS, and provide a multi-level defense, while tracking detailed information necessary to stop the attack permanently.
aiProtect can block, overwrite and redirect URL’s, allowing aiProtect, not your web servers, to be your first line of defence.
One of the most challenging ordeals for web sites is surviving a Denial-of-Service Attack (DOS). During a DOS attack, a significant volume of bogus, specially formed requests are directed at the web site, often from a network of bots – these are compromised computers all over the Internet, now under complete control of the attackers.
aiProtect offers the most complete set of DOS & DDOS countermeasures available in the industry. You already know about the first level of defence offered by aiProtect, connection and request/response offloading, sanity checking and URL blocking.
The next level of defence is aiProtect’s ability to block IP address ranges. When you know that certain IP addresses are generating the attack traffic, you can configure aiProtect to block all connections and requests from such ranges. aiProtectservers, when operating in clusters, automatically communicate such blocked IP ranges. You can also whitelist trusted addresses, so that they are never subject to any additional DOS countermeasures.
The next level of defence is the Intelligent Request Throttling. This countermeasure limits requesting clients to certain number of requests per interval. Our method of throttling is different from simple RPS-limiting and is much more user friendly. If your typical page consists of 10-15 items, such 20:10 limit will allow users to view a complete page every 10 seconds, presenting no inconvenience for a human, but stopping bot traffic dead in its tracks.
aiProtect has special logic, dedicated to punishing repeat offenders – these are bots trying to drive the highest possible volume of attack traffic. The more traffic these bots generate, the more punishment applied by aiProtect.
aiProtect on AWS now also features protection against SYN floods. When aiProtect detects a DDoS attack, an email alert will be sent to your email address. You can then view the offending ip addresses, in a file that is real-time accessible through your browser (see our AWS aiProtect wiki)
The final counter-measure is our unique RTATC (Reverse-Turing Access Token Control). This countermeasure challenges the requesting client to prove the presence of a human operator, via a reverse-Turing test. These are tests that any human is capable of passing but a bot will fail.
When the operator challenge receives a satisfactory answer, aiProtect allows the requestor access to the site by issuing an Access Token. The Access Token has a feature so that it cannot be shared, reused or abused.
In summary, we offer industry leading, comprehensive, integrated application firewall. We would be pleased to discuss your specific environment. These capabilities can be implemented on a short term basis through our cloud partners or easily integrated as a permanent protection layer in your datacenter. We provide complete support for deployment and have professional services available for more complex environment.
Easiest caching server we've found We were looking for something to help keep as much load as possible off our Windows origin servers. Our website is subject to extreme spikes in traffic, and there are make requests that can be cached. We've now used aiCache during several large events, and the CPU is hardly pressed at all. The support from aiCache had been excellent. They were able to create a new feature for us in under 24 hours. -ScribbleLive.com
aiCache saves a lot of money We use aiCache at Giant Digital in front of our load balanced AWS hosted servers on Scalr. Although occasionally we do experience high loads that spawn multiple DBs or web servers for the most part aiCache deals with 99% of the traffic that's thrown at it and this is for 20 million+ pages a month servers. -www.gigwise.com