aiProtect protects your application from Denial of Service and and other web based attacks, by pre-processing all HTTP traffic and isolating more vulnerable components at the network layer. It automates the identification and mitigation of Denial of Service (DoS & DDOS) attacks, while providing detailed reporting that also allow you to end attacks permanently on a network level.
Our PCI compliant multi-level defense enforces sanity rules on incoming requests and isolates the origin environment protecting valuable assets while eliminating most common online attacks.
aiProtect can block, overwrite and redirect URL’s, allowing aiProtect, not your web servers, to be your first line of defence.
One of the most challenging ordeals for web sites is surviving a Denial-of-Service Attack (DOS). During a DOS attack, a significant volume of bogus, specially formed requests are directed at the web site, often from a network of bots – these are compromised computers all over the Internet, now under complete control of the attackers.
aiProtect offers the most complete set of DOS & DDOS countermeasures available in the industry. You already know about the first level of defence offered by aiProtect, connection and request/response offloading, sanity checking and URL blocking.
The next level of defence is aiProtect’s ability to block IP address ranges. When you know that certain IP addresses are generating the attack traffic, you can configure aiProtect to block all connections and requests from such ranges. aiProtectservers, when operating in clusters, automatically communicate such blocked IP ranges. You can also whitelist trusted addresses, so that they are never subject to any additional DOS countermeasures.
The next level of defence is the Intelligent Request Throttling. This countermeasure limits requesting clients to certain number of requests per interval. Our method of throttling is different from simple RPS-limiting and is much more user friendly. If your typical page consists of 10-15 items, such 20:10 limit will allow users to view a complete page every 10 seconds, presenting no inconvenience for a human, but stopping bot traffic dead in its tracks.
aiProtect has special logic, dedicated to punishing repeat offenders – these are bots trying to drive the highest possible volume of attack traffic. The more traffic these bots generate, the more punishment applied by aiProtect.
aiProtect on AWS now also features protection against SYN floods. When aiProtect detects a DDoS attack, an email alert will be sent to your email address. You can then view the offending ip addresses, in a file that is real-time accessible through your browser (see our AWS aiProtect wiki)
The final counter-measure is our unique RTATC (Reverse-Turing Access Token Control). This countermeasure challenges the requesting client to prove the presence of a human operator, via a reverse-Turing test. These are tests that any human is capable of passing but a bot will fail.
When the operator challenge receives a satisfactory answer, aiProtect allows the requestor access to the site by issuing an Access Token. The Access Token has a feature so that it cannot be shared, reused or abused.
In summary, we offer industry leading, comprehensive, integrated application firewall. We would be pleased to discuss your specific environment. These capabilities can be implemented on a short term basis through our cloud partners or easily integrated as a permanent protection layer in your datacenter. We provide complete support for deployment and have professional services available for more complex environment.
You can fill in your domain and select the DDoS template on the configuration step:
Or contact us for a configuration that is specific to your needs:Contact us