Web application DDoS protection

L3, L4, and L7 DDoS attack protection

How the filtering platform works

The cloud platform consists of our own traffic filtering centers in Russia and Europe.

Each node processes at least 160 Gbps of active traffic. This makes the total effective filtering bandwidth more than 1.5 Tbps. The nodes are connected to several service providers and they have backup copies of all systems, such as cleaning servers, managing servers, data storage systems, and network equipment.

You don’t need your own infrastructure to be protected. Your business processes won’t stop, and your users and customers won’t even notice that your resource has been attacked.

How our unique protection technology works

1

Resource analysis

Resource load is analyzed in real time for any statistical abnormalities.
2

Technical analysis

Each new query undergoes a basic technical analysis of the client who sent it (for example, the median size of network packets is analyzed).
3

Behavioral factor recognition

If a client has sent more than one query within the monitored period of time, then the client’s behavior on the website is analyzed (for example, the time between queries and subqueries).
4

Query check

The query is checked against suspicious signatures currently relevant for the resource. Both coincidence and “proximity” can be checked.
5

Query validity conclusion

As a result, the information is combined into a factor vector that is used to calculate query validity.

Technological advantages

1

We protect you against low-frequency attacks starting with the first query
2

We block sessions, not IP addresses
3

We support whitelists and blacklists of IP addresses
4

We support HTTP/2, IPv6, and web sockets
5

We support HTTPS with and without disclosing SSL certificates
6

We provide statistics in your personal account
7

The false positive rate is less than 0.01 %
8

We provide load balancing, including Round Robin, Weighted Round Robin, and IP hash
9

24/7 technical support

Cost benefits

Traffic is calculated based on the 95th percentile

We don’t charge for 5 % of your resource’s peak traffic.

You don’t have to pay for traffic surges during sales or emergencies.
We guarantee no less than 99.5 % availability

The guaranteed availability of your resources is no less than 99.5 %.

If we can’t protect you, we return your money.
We save your time and money

We provide a hardware and software system.

To enable protection, simply configure a DNS record.

Protect web application

Bot protection

Nowadays, all online businesses are threatened by bots: websites, services, APIs, mobile applications, and payment systems. But lately, popular online stores and media resources have been the ones who most often ask us for bot protection.

How malicious bots can harm your business

Slowing down your website 01
Account hacking and bank card fraud 02
Advertising fraud 03
Content theft 04
Parsing for the competition 05
Scalping 06
Corrupted analytics 07
Lost sales 08

Problem	Solution
Problem Bots (both useful and harmful) generate an average of 50 % of your web traffic, with peak numbers reaching 60–70 %. To process all this traffic, serious investment into infrastructure is needed. By using stolen databases with millions of login and password combinations, bots may gain access to your resources. As a result, by hacking accounts, violators can acquire credit card data and resell it. Or they can commit fraud with coupons or credits on the accounts of your clients whose credentials have been forged. Suppose you use paid traffic to attract clients. Are you sure that the traffic you paid for is generated by real humans and can be converted into sales? Since bots generate about 50 % of the world’s web traffic, it’s possible that the better half of the traffic you’re buying is advertising fraud. Articles, prices, merchandise descriptions, comments, infographics, and photos are valuable content. They generate sales, improve the image of your brand, and boost search results. It’s in the best interests of any business to spread this content as widely as possible, but only on your own terms and under your name. Unprotected content will, in all likelihood, be copied by bots. It might be used for competitive intelligence, data aggregation, or the creation of new businesses based on your information. It might also be resold by content services and integrated into commercial analytics services. Without reliable protection, parsers freely gather information (e.g. about prices) from your website or mobile app to supply your competitors with data. Let’s say you offer limited-issue goods (tickets to events, special issues, etc.). By utilizing their speed, bots are able to purchase these goods at a lower price before your clients can. Those goods are later resold with a substantial markup. Such situations can significantly harm your reputation. Your metrics are crucial in optimizing your conversion rates and increasing UI efficiency. But if you can’t distinguish between bot traffic and user traffic, you’re analyzing corrupted data. Bots can disrupt the sales process on your website. They might fill up carts with goods that will never be bought to make them unavailable to your customers. This leads to stock build-up while your clients can’t buy anything.	Solution We’ll block all unwanted bot-generated traffic. Your website and API will be utilized by real users only. We’ll block bots that try to figure out logins and passwords to gain access to your system. We’ll clean up your paid traffic so that you can analyze the sources of low-quality traffic and optimize your marketing budget. We’ll block parser bots and protect your content against automatic copying. We’ll block parser bots and protect your data from competitors and aggregators. We guarantee that your merchandise will actually get into the hands of the people who it’s meant for. We’ll clean irrelevant bots from your figures. We’ll protect your sales by shutting down manipulations that use fake purchases.

Problem

Solution

Problem

Bots (both useful and harmful) generate an average of 50 % of your web traffic, with peak numbers reaching 60–70 %. To process all this traffic, serious investment into infrastructure is needed.

By using stolen databases with millions of login and password combinations, bots may gain access to your resources.

As a result, by hacking accounts, violators can acquire credit card data and resell it. Or they can commit fraud with coupons or credits on the accounts of your clients whose credentials have been forged.

Suppose you use paid traffic to attract clients. Are you sure that the traffic you paid for is generated by real humans and can be converted into sales?

Since bots generate about 50 % of the world’s web traffic, it’s possible that the better half of the traffic you’re buying is advertising fraud.

Articles, prices, merchandise descriptions, comments, infographics, and photos are valuable content. They generate sales, improve the image of your brand, and boost search results. It’s in the best interests of any business to spread this content as widely as possible, but only on your own terms and under your name.

Unprotected content will, in all likelihood, be copied by bots. It might be used for competitive intelligence, data aggregation, or the creation of new businesses based on your information. It might also be resold by content services and integrated into commercial analytics services.

Without reliable protection, parsers freely gather information (e.g. about prices) from your website or mobile app to supply your competitors with data.

Let’s say you offer limited-issue goods (tickets to events, special issues, etc.). By utilizing their speed, bots are able to purchase these goods at a lower price before your clients can. Those goods are later resold with a substantial markup. Such situations can significantly harm your reputation.

Your metrics are crucial in optimizing your conversion rates and increasing UI efficiency. But if you can’t distinguish between bot traffic and user traffic, you’re analyzing corrupted data.

Bots can disrupt the sales process on your website. They might fill up carts with goods that will never be bought to make them unavailable to your customers. This leads to stock build-up while your clients can’t buy anything.

Solution

We’ll block all unwanted bot-generated traffic. Your website and API will be utilized by real users only.

We’ll block bots that try to figure out logins and passwords to gain access to your system.

We’ll clean up your paid traffic so that you can analyze the sources of low-quality traffic and optimize your marketing budget.

We’ll block parser bots and protect your content against automatic copying.

We’ll block parser bots and protect your data from competitors and aggregators.

We guarantee that your merchandise will actually get into the hands of the people who it’s meant for.

We’ll clean irrelevant bots from your figures.

We’ll protect your sales by shutting down manipulations that use fake purchases.

Protect yourself against bots

WAF hacking protection

A Web Application Firewall (WAF) provides efficient protection for web applications against hacking and unauthorized access to confidential data.

Any application code might contain errors. Hackers frequently use such vulnerabilities to access user data. If you block entire ports, IP addresses, or protocols (which is how network firewalls work), you might also disable important, legitimate processes. That’s why a modern-day protection system must analyze packet contents and better "understand" how applications work.

We’ll not only detect and prevent attacks on your application in time, but we’ll also eliminate the possibility of vulnerabilities being exploited.

How a WAF works

Proactive filter

Blocks the majority of attacks on web applications. Can work with large amounts of traffic.

The unsupervised training algorithm helps prevent false positives.
Vulnerability detection system

Detects existing safety errors within web applications.

Provides information about detected vulnerabilities and detailed recommendations on how to eliminate them.
Virtual Patching system

Protects applications from vulnerabilities by detecting and blocking attacks and hacking attempts in real time.

No website downtime required.

WAF advantages

1

Doesn’t require any additional equipment, software, or changes in the application code
2

Ruby, PHP, .NET, Perl, Python, and other languages are supported
3

Non-signature (statistical) analysis methods don’t affect legitimate traffic
4

Detection of new types of attacks whose signatures are not in the knowledge base
5

Automatic monitoring of vulnerabilities until they are fixed
6

Vulnerability elimination quality control

Learn about your website’s vulnerabilities today.

Check website for vulnerabilities

Plans

Favorable terms for web application DDoS attack protection

	START	PRO	ENTERPRISE
Monthly subscription fee	^€ 50 /mo	^€ 140 /mo	Personal terms
Guaranteed availability (SLA)	>99.5%	>99.9%	>99.9%
Protection from network and transport layer DDoS attacks (L3, L4)	Unlimited	Unlimited	Unlimited
Protection from application layer DDoS attacks (L7)	Unlimited	Unlimited	Unlimited
Number of protected resources	1	1	1
Technical support	8/5	24/7	24/7
Protection for 1 additional resource per month	50 €	50 €	Per request
Legitimate traffic included*	3 Mbps	5 Mbps	Per request
Traffic charge above quota (per Mbps)	10 €	8 €	Per request
Show advanced options Hide advanced options
1 additional IP address for client’s domain protection	130 €	130 €	Per request
Issuing and support of SSL certificates per certificate per month	2 €	2 €	Per request
Bot protection (parsing/brute-force protection) per Mbps (total bandwidth of legitimate traffic is counted for the resource that has this option enabled)	Not available for this plan	5 €	5 €
HTTPS filtering without key disclosure per resource per month	Not available for this plan	115 €	115 €
	Enable	Enable	Enable

START
Monthly subscription fee ^€ 50 /mo
Guaranteed availability (SLA) >99.5%
Protection from network and transport layer DDoS attacks (L3, L4) Unlimited
Protection from application layer DDoS attacks (L7) Unlimited
Number of protected resources 1
Technical support 8/5
Protection for 1 additional resource per month 50 €
Legitimate traffic included** 3 Mbps
Traffic charge above quota (per Mbps) 10 €
Show advanced options Hide advanced options
1 additional IP address for client’s domain protection 130 €
Issuing and support of SSL certificates per certificate per month 2 €
Bot protection (parsing/brute-force protection) per Mbps (total bandwidth of legitimate traffic is counted for the resource that has this option enabled) Not available for this plan
HTTPS filtering without key disclosure per resource per month Not available for this plan
Enable

PRO
Monthly subscription fee ^€ 140 /mo
Guaranteed availability (SLA) >99.9%
Protection from network and transport layer DDoS attacks (L3, L4) Unlimited
Protection from application layer DDoS attacks (L7) Unlimited
Number of protected resources 1
Technical support 24/7
Protection for 1 additional resource per month 50 €
Legitimate traffic included** 5 Mbps
Traffic charge above quota (per Mbps) 8 €
Show advanced options Hide advanced options
1 additional IP address for client’s domain protection 130 €
Issuing and support of SSL certificates per certificate per month 2 €
Bot protection (parsing/brute-force protection) per Mbps (total bandwidth of legitimate traffic is counted for the resource that has this option enabled) 5 €
HTTPS filtering without key disclosure per resource per month 115 €
Enable

ENTERPRISE
Monthly subscription fee Personal terms
Guaranteed availability (SLA) >99.9%
Protection from network and transport layer DDoS attacks (L3, L4) Unlimited
Protection from application layer DDoS attacks (L7) Unlimited
Number of protected resources 1
Technical support 24/7
Protection for 1 additional resource per month Per request
Legitimate traffic included** Per request
Traffic charge above quota (per Mbps) Per request
Show advanced options Hide advanced options
1 additional IP address for client’s domain protection Per request
Issuing and support of SSL certificates per certificate per month Per request
Bot protection (parsing/brute-force protection) per Mbps (total bandwidth of legitimate traffic is counted for the resource that has this option enabled) 5 €
HTTPS filtering without key disclosure per resource per month 115 €
Enable

Extra hacking protection (WAF)

Can be requested as an addition to a selected plan.

	PRO	ENTERPRISE
Monthly subscription fee	710 €	920 €
Attack protection for 1 application up to 1.000 RPS*	+	+
Perimeter vulnerability scan for 50 IP addresses	+	+
Attack double-check and zero-day vulnerability detection for an application	+	+
Application protection against bots and brute-force attacks up to 1.000 RPS*	-	+
Custom creation of blocking rules and virtual patching of applications	-	+

PRO
Monthly subscription fee 710 €
Attack protection for 1 application up to 1.000 RPS* +
Perimeter vulnerability scan for 50 IP addresses +
Attack double-check and zero-day vulnerability detection for an application +
Application protection against bots and brute-force attacks up to 1.000 RPS* -
Custom creation of blocking rules and virtual patching of applications -

ENTERPRISE
Monthly subscription fee 920 €
Attack protection for 1 application up to 1.000 RPS* +
Perimeter vulnerability scan for 50 IP addresses +
Attack double-check and zero-day vulnerability detection for an application +
Application protection against bots and brute-force attacks up to 1.000 RPS* +
Custom creation of blocking rules and virtual patching of applications +

Additional resource options

	1–5 licenses	6–10 licenses	10+ licenses
Attack protection for an additional application (second-level domain)	55 €	40 €	23 €
+500 RPS* for an application	285 €	200 €	Per request
Perimeter vulnerability scan for 50 more IPs	75 €	57 €	38 €
Attack double-check and zero-day vulnerability detection for an additional application	75 €	57 €	38 €
Application protection against bots and brute-force attacks when the load is increased by 500 RPS*	72 €	70 €	55 €

1–5 licenses
Attack protection for an additional application (second-level domain) 55 €
+500 RPS* for an application 285 €
Perimeter vulnerability scan for 50 more IPs 75 €
Attack double-check and zero-day vulnerability detection for an additional application 75 €
Application protection against bots and brute-force attacks when the load is increased by 500 RPS* 72 €

6–10 licenses
Attack protection for an additional application (second-level domain) 40 €
+500 RPS* for an application 200 €
Perimeter vulnerability scan for 50 more IPs 57 €
Attack double-check and zero-day vulnerability detection for an additional application 57 €
Application protection against bots and brute-force attacks when the load is increased by 500 RPS* 70 €

10+ licenses
Attack protection for an additional application (second-level domain) 23 €
+500 RPS* for an application Per request
Perimeter vulnerability scan for 50 more IPs 38 €
Attack double-check and zero-day vulnerability detection for an additional application 38 €
Application protection against bots and brute-force attacks when the load is increased by 500 RPS* 55 €

	G‑Core Labs	Qrator Labs	Kaspersky	Cloudflare
Hacking protection (WAF)	+	+	+	+
L3/L4 attack protection	+	+	+	+
L7 attack protection without IP block	+	+	+	+
L7 attack protection from the first query	+	—	—	—
HTTPS protection without SSL disclosure, log transfer, or IP blocking	+	—	—	+
Bot protection (web)	+	—	—	—
Bot protection (mobile API)	+	—	—	—
Bot protection without changes in the app code (mobile API)	+	—	—	—

WEB APPLICATION DDOS PROTECTION