remote protection from DDoS attacks

Remote DDoS Protection

Remotely protect websites against all types of DDoS attacks.

JavaPipe’s industry-leading DDoS mitigation system protects your existing hosting platform from cyber-attacks.

It scrubs all attack traffic and forwards only the clean and legitimate bandwidth to your unprotected origin server.

3 days money back guarantee

Level 1 Protection

$54
$ 32
00 *
/Month
  • DDoS Protection up to 750Gbps/800Mpps
  • WAF (Web Application Firewall)
  • WebSocket Support
  • Unlimited Domains
  • WorldShield v3 Control Panel
  • Standard Performance
  • Standard Support

Level 2 Protection

$164
$ 98
00 *
/Month
  • DDoS Protection up to 750Gbps/800Mpps
  • WAF (Web Application Firewall)
  • WebSocket Support
  • Unlimited Domains
  • WorldShield v3 Control Panel
  • High Performance
  • Priority Support

* Monthly price if you pre-pay for 3 years, which includes 40% discount.

Remote DDoS Mitigation

JavaPipe scrubs all traffic before reaches your origin server. This way only legitimate network packets arrive at your server.

All mitigation layers can be fully customized by our DDoS experts to suit your purpose.

Remote DDoS Protection explained

Key Features

GuardPanel

WorldShield v3

WorldShield v3 puts you in control of your protection. Forward ports, adjust protection settings, and add domains with one click.

Latest Tech

Latest Tech

Super fast DDoS attack detection. RioRey hardware backed by proprietary mitigation techniques and expert IT staff.

Auto DDoS attack detection

Automatic Defense

JavaPipe automatically mitigates any type of DDoS attack. We keep your service protected 24/7.

AI

Intelligence

DDoS protection that adapts to changes in attack patterns in real-time, without human intervention. Tailored to your needs.

Website protection

Website DDoS Protection (HTTP/HTTPS Reverse Proxy)

The DDoS protection for websites protects any HTTP application and increases its performance and security. It includes layer 7 filtering, static content caching, a WAF (Web Application Firewall) against hackers and supports the latest technology, including HTTP/2, WebSockets and Load Balancing.

You can protect an unlimited number of domains with our DDoS protection for websites. You don’t need to host your site with us to use JavaPipe’s solutions for threat mitigation. We provide you with a secure IP to point your DNS to instead of the real IP of your server. Traffic is then directed through our DDoS flood defense layers to block the bad DDoS traffic and the web based HTTP reverse proxy will forward all the clean traffic to your real server where your website is hosted.

How Does the Remote DDoS Protection Work?

We provide you with a secure dedicated IP which you will use for your website’s DNS A records instead of the your real server IP. You will receive access to a tool called WorldShield for configuring your protection. You can use this control panel to provide your real IP to direct the clean bandwidth to, and then configure all the domains that you wish to protect from attacks on that IP.

Please note that the remote proxy protection can only handle 1 server IP per plan. So if you have 2 websites with 2 different server IPs, then you will need 2 plans. If all your sites are hosted on one backend server IP, then you can protect all of those sites with just one anti DDoS proxy service.

It is also recommended that you ask your hosting provider to change your IP after you sign-up with us. The reason for this is that your previous IP may still be known to your attacker or attackers and could therefore be targeted directly, bypassing our offshore DDoS scrubbing center completely. To ensure your unprotected server IP stays hidden, you need to have it swapped and then keep the new IP hidden by making sure that not a single DNS record points to it and that your website doesn’t send any automated e-mails from your server. If you want to protect a forum from DDoS attacks, you should also make sure that you disable any remote uploads (aka URL uploads) of profile pictures and the like.

JavaPipe’s website protection also supports WebSockets and can act as a Load Balancer to distribute requests between a number of different backends. If your application uses these, simply open a ticket after you place your order and request to enable them for your website.

If your website uses HTTPS for secure transactions, then you will need to provide us the SSL key and certificate to add to your proxy for port 443. We support strong encryption ciphers as well as HTTP/2 to assure the best possible performance and security of your website.

WorldShield v3 Features

  • Backend IP: Add your back end IP that you want to protect. You can also enable ports for port proxying. For example, if you have a web application running on 8080, then you can use this to forward 8080 to port 80.
  • Manage SSL Certificates: Upload SSL certificates any time you update them for your website. It is accessible and easy to use. Just be sure to include key, certificate, and chain.
  • Allow HTTP Methods: Available options are GET, POST, HEAD, TRACE and PUT. This way you can limit which methods are accessible to your website and block all others.
  • Deny URLs: Block URLs from sending traffic to your website. It includes regular expression capabilities when adding URLs to the filter.
  • Deny HTTP Protocols: Block requests coming from HTTP/1.0 or HTTP/2.0
  • Geo IP Blocking: Block certain countries from accessing your sites.
  • Activate In-House WAF: Enable or disable our in-house developed web application firewall to handle complex attacks with increased protection.
  • Web Security Challenge: Enable JavaScript challenge questions or click to pass option to allow visitors to your site. This is a great way to deter tricky attacks that are getting through.
  • Live Access Logs: View live access logs from the proxy. This helps to provide information for advance filtering adjustments.
  • Advanced Filters (Level 2 Plan Only!): Checks if an IP address is accessing the URL for X number of times in an interval of XY seconds. The IP is added to the flood list if an IP address accesses the URL more than five times in ten seconds. This feature requires more processing power, so it only available for level 2 web protected proxy.
Session verification

Session Verification Feature

Our website DDoS protection includes special layer 7 filtering that uses several methods to determine if a page request is legit or not. These include but are not limited to:

  • Anomaly Detection in HTTP Requests (HTTP flood)
  • Rate-limiting of Connections
  • Encrypted Cookie Check
  • JavaScript Check
  • IP Reputation Check

Web Application Firewall (WAF)

JavaPipe’s high-performance WAF is able to block malformed HTTP requests and bad packets before they can reach your application. Not only does it help to block less complex layer 7 attacks, it also defends against hacking.

Along with DDoS attacks it is not uncommon for attackers to try and exploit and compromise your web application in order to destroy your business. Our WAF mitigates most hacking attempts, including but not limited to:

  • SQL Injections (SQLI)
  • Cross Site Scripting (XSS & CSS)  
  • Remote File Inclusions (RFI)
  • Local File Inclusion (LFI)
  • Cross Site Request Forgery (CSRF)     
  • Remote Code Execution
  • Bad HTTP Request Methods
  • Heartbleed
  • POODLE
  • BEAST
  • Shellshock
web application firewall waf
IP address forwarding

IP Address Forwarding

JavaPipe’s remote protection against DDoS for websites is not just limited to the HTTP protocol. An important feature that our competitors lack is that they don’t forward e-mail traffic, which means you won’t be able to receive e-mails on your backend server unless you would reveal your server IP and make it vulnerable to attacks, defying the entire purpose of the attack protection.

With JavaPipe’s solution, SMTP as well as POP3(S) and IMAP(S) ports are being forwarded, so you can receive mails through our remote website protection on your backend server. Control panel ports such as WHM and cPanel ones are also forwarded, but are not enabled by default. If you need to use them, please inform us by ticket.

Forwarding of Common Server Ports

You can have us setup IP forwarding so that your visitors IPs can be handled correctly within your web application. You will need to install mod_rpaf on your backend server. We can assist you in this setup if you simply request for help via support ticket.

Reverse Proxy Control Panel

WorldShield for website DDoS attack protection allows you to conveniently configure your DDoS proxy service any time you need. It provides you the ability to provide real IP of your server, configure the domains to be protected, and monitor the attacks against your website.

Important Points About the Website Protection

DDoS Filter Tweaking

DDoS mitigation can never be a one size fits all solution. Every site’s traffic has its own set of problems that often require some tweaking to perfect the reverse proxy DDoS protection.

If you feel that your site isn’t being protected well, please let us know and we will work with you.

Mitigation Time

It takes a few seconds to determine the attack type to mitigate. Once mitigated, it continues to protect you from that particular type of attack for the entire session. Because of the varying nature of DDoS attacks, there is no such thing as “instant” filtering.

Some companies may offer “instant” DDoS filtering but what this really means is they are blocking all traffic until all traffic is analyzed thus increasing latency almost two-fold! This “instant” protection may work for websites but is terrible for games.

Currently the fastest DDoS mitigation in the world is about 10 seconds. Some very complex attacks may take up to 90 seconds before they are blocked.

Our industry leading remote DDoS prevention technology is among the fastest in world, and is fully equipped to handle all types of traffic (web, game and applications).

Things You Should Do to Minimize Problems

  • Whitelist the secure proxy IP on your backend server. If the proxy can’t connect to your server, then you’ll experience 502 gateway timeout errors. If you’re using our Linux KVM VPS plans as backend, feel free to ask our support for assistance.
  • Firewall all traffic except from the proxy IP and your direct access to the server. You only want to receive clean bandwidth from the proxy IP address. This eliminates attempts to target your server directly.
  • Ensure you have selected the proper location which is closest to your server (US or Europe).
  • Tell us about your site and the kind of traffic it uses so that our engineers can fine-tune the DDoS firewall rules according to your application’s needs.
  • If you’re seeing a message like “DDoS protection suspended due to possible payment problems” you should make sure that there are no outstanding invoices