Remote DDoS ProtectionProtect an unprotected server from DDoS attacks.
Protection for Websites & Applications
Remotely protect websites and applications (games, etc.) against all types of Distributed Denial of Service (DDoS) attacks!
JavaPipe’s industry-leading DDoS mitigation system protects your existing hosting platform from cyber-attacks.
It scrubs all attack traffic and forwards only the clean and legitimate bandwidth to your unprotected origin server.
- DDoS Protection for HTTP(S) up to 750Gbps/800Mpps
- WAF (Web Application Firewall)
- WebSocket & Load Balancing*
- Unlimited Domains
- E-Mail Ports Forwarded*
- GuardPanel Control Panel
- Technology: HTTP Reverse Proxy
* If you need this feature, please contact us after you completed your order
Remote DDoS Mitigation
JavaPipe scrubs all traffic before reaches your origin server. This way only legitimate network packets arrive at your server.
All mitigation layers can be fully customized by our DDoS experts to suit your purpose.
GuardPanel puts you in control of your protection.
Update your origin IP, open ports or add domains with one click.
Super fast attack detection.
RioRey DDoS mitigation hardware backed by proprietary mitigation techniques and expert IT staff.
JavaPipe automatically mitigates any type of DDoS attack.
We keep your service protected 24/7.
DDoS protection that adapts to changes in attack patterns in real-time, without human intervention.
Tailored to your needs.
Website DDoS Protection
The DDoS protection for websites protects any HTTP application and increases its performance and security. It includes layer 7 filtering, static content caching (CDN), a WAF (Web Application Firewall) against hackers and supports the latest technology, including HTTP/2, WebSockets and Load Balancing.
You can protect an unlimited number of domains with our DDoS protection for websites. You don’t need to host your site with us to use JavaPipe’s solutions for threat mitigation. We provide you with a secure IP to point your DNS to instead of the real IP of your server. Traffic is then directed through our DDoS flood defense layers to block the bad DDoS traffic and the web based HTTP reverse proxy will forward all the clean traffic to your real server where your website is hosted.
Application DDoS Protection
The DDoS protection for applications defends all other online services, such as game servers and email servers against DDoS attacks and turns an unprotected server into DDoS protected hosting. The supported technologies are GRE tunneling, VPN tunneling and NAT forwarding (default).
Our DDoS protection for applications can protect all sorts of game servers and online services from DDoS, such as Minecraft and many more. It can also defend applications from attacks that run on special ports. You do not need to host your game server with us for this type of proxy protection. We provide you a protected IP to use instead of your real server IP and you provide this DDoS-filtered IP to your players to access your game, while keeping your backend server IP a secret so it can’t become the victim of direct DDoS attacks. Traffic is redirected through our DDoS mitigation layers to block the bad packets and then the game based reverse DDoS proxy will forward only the clean traffic to your backend server wherever the game is hosted.
How Does the Website DDoS Protection Work?
We provide you with a secure dedicated IP which you will use for your website’s DNS A records instead of the your real server IP. You will receive access to a tool called GuardPanel for configuring your protection. You can use this control panel to provide your real IP to direct the clean bandwidth to, and then configure all the domains that you wish to protect from attacks on that IP.
Please note that the remote proxy protection can only handle 1 server IP per plan. So if you have 2 websites with 2 different server IPs, then you will need 2 plans. If all your sites are hosted on one backend server IP, then you can protect all of those sites with just one anti DDoS proxy service.
It is also recommended that you ask your hosting provider to change your IP after you sign-up with us. The reason for this is that your previous IP may still be known to your attacker or attackers and could therefore be targeted directly, bypassing our offshore DDoS scrubbing center completely. To ensure your unprotected server IP stays hidden, you need to have it swapped and then keep the new IP hidden by making sure that not a single DNS record points to it and that your website doesn’t send any automated e-mails from your server. If you want to protect a forum from DDoS attacks, you should also make sure that you disable any remote uploads (aka URL uploads) of profile pictures and the like.
JavaPipe’s website protection also supports WebSockets and can act as a Load Balancer to distribute requests between a number of different backends. If your application uses these, simply open a ticket after you place your order and request to enable them for your website.
If your website uses HTTPS for secure transactions, then you will need to provide us the SSL key and certificate to add to your proxy for port 443. We support strong encryption ciphers as well as HTTP/2 to assure the best possible performance and security of your website.
Session Verification Feature
Our website DDoS protection includes special layer 7 filtering that uses several methods to determine if a page request is legit or not. These include but are not limited to:
- Anomaly Detection in HTTP Requests (HTTP flood)
- Rate-limiting of Connections
- Encrypted Cookie Check
- IP Reputation Check
Web Application Firewall (WAF)
JavaPipe’s high-performance WAF is able to block malformed HTTP requests and bad packets before they can reach your application. Not only does it help to block less complex layer 7 attacks, it also defends against hacking.
Along with DDoS attacks it is not uncommon for attackers to try and exploit and compromise your web application in order to destroy your business. Our WAF mitigates most hacking attempts, including but not limited to:
- SQL Injections (SQLI)
- Cross Site Scripting (XSS & CSS)
- Remote File Inclusions (RFI)
- Local File Inclusion (LFI)
- Cross Site Request Forgery (CSRF)
- Remote Code Execution
- Bad HTTP Request Methods
IP Address Forwarding
JavaPipe’s remote protection against DDoS for websites is not just limited to the HTTP protocol. An important feature that our competitors lack is that they don’t forward e-mail traffic, which means you won’t be able to receive e-mails on your backend server unless you would reveal your server IP and make it vulnerable to attacks, defying the entire purpose of the attack protection.
With JavaPipe’s solution, SMTP as well as POP3(S) and IMAP(S) ports are being forwarded, so you can receive mails through our remote website protection on your backend server. Control panel ports such as WHM and cPanel ones are also forwarded, but are not enabled by default. If you need to use them, please inform us by ticket.
Forwarding of Common Server Ports
You can have us setup IP forwarding so that your visitors IPs can be handled correctly within your web application. You will need to install mod_rpaf on your backend server. We can assist you in this setup if you simply request for help via support ticket.
Reverse Proxy Control Panel
GuardPanel for website DDoS attack protection allows you to conveniently configure your DDoS proxy service any time you need. It provides you the ability to provide real IP of your server, configure the domains to be protected, and monitor the attacks against your website.
Important Points About the Website Protection
DDoS Filter Tweaking: DDoS mitigation can never be a one size fits all solution. Every site’s traffic has its own set of problems that often require some tweaking to perfect the reverse proxy DDoS protection.
If you feel that your site isn’t being protected well, please let us know and we will work with you.
Mitigation Time: It takes a few seconds to determine the attack type to mitigate. Once mitigated, it continues to protect you from that particular type of attack for the entire session. Because of the varying nature of DDoS attacks, there is no such thing as “instant” filtering.
Some companies may offer “instant” DDoS filtering but what this really means is they are blocking all traffic until all traffic is analyzed thus increasing latency almost two-fold! This “instant” protection may work for websites but is terrible for games.
Currently the fastest DDoS mitigation in the world is about 10 seconds. Some very complex attacks may take up to 90 seconds before they are blocked.
Our industry leading remote DDoS prevention technology is among the fastest in world, and is fully equipped to handle all types of traffic (web, game and applications).
Things You Should Do to Minimize Problems
- Whitelist the secure proxy IP on your backend server. If the proxy can’t connect to your server, then you’ll experience 502 gateway timeout errors.
- Firewall all traffic except from the proxy IP and your direct access to the server. You only want to receive clean bandwidth from the proxy IP address. This eliminates attempts to target your server directly.
- Ensure you have selected the proper location which is closest to your server (US or Europe).
- Tell us about your site and the kind of traffic it uses so that our engineers can fine-tune the DDoS firewall rules according to your application’s needs.
- If you’re seeing a message like “DDoS protection suspended due to possible payment problems” you should make sure that there are no outstanding invoices