- Category: Blog
- Written by Constantin Oesterling
- Hits: 2918
DDoS Protection for WebSocket Applications
We're proud to announce that our Remote DDoS Protection for Websites now fully supports WebSockets. We did have experimental support for WebSocket connections before, which is now fully tested and offered as an official feature of our HTTP remote DDoS protection.
What You Can Do With WebSockets
As part of HTML5 WebSockets became a standard web protocol in 2011. The WebSocket API is used as a way to establish persistent connections between a client (browser) and a server (website) to exchange data in real time. The traditional HTTP protocol requires the client to send a request to the server and wait for its response to display any new or changed data that might have been generated. This makes it close to impossible or at least very hard to display dynamic data in real time on a website or HTTP-based application.
WebSockets resolve this problem by establishing a persistent connection between the client and the server to allow event-based data exchange. Through this persistent connection the server can "push" data to the client in real time. This makes it perfect for web-based chat systems for example.
If you want to learn more about WebSockets or want to start using them, you should check out the Socket.IO framework. It's supported by our remote protection and offers easy integration of WebSockets into your existing application. You can find several examples on their website.
How to Protect WebSockets from DDoS Attacks
Unlike certain competitors, JavaPipe supports WebSockets with its remote protection for websites without any additional costs. Even the smallest plan supports WebSockets as well as any other feature (WAF, caching, SPDY & much more). JavaPipe charges only based on the amount of traffic it scrubs and forwards to the origin server and the allocated DDoS protection capacity.
In addition to the remote protection you should make sure to use the best coding practices to avoid any DoS vulnerabilities in the application itself. For example you should set WebsSocket handshake timeouts and discard unauthenticated clients after a while if your application requires authentication. This will help prevent very slow attacks aiming at exhausting connections.
1. Order DDoS Protection for Websites
The first step is to order the DDoS protection for websites according to the resources and location you need. Any protection plan for websites supports the WebSocket API. Go through the order form and complete it.
2. Add Your Domain(s) to GuardPanel
Once you received the activation e-mail and access to GuardPanel, you can go ahead and enter the domain(s) you want to protect as well as its origin web server into GuardPanel. Of course you should also follow all instructions from the activation e-mail.
3. Contact JavaPipe Support
Once your domain is configured in GuardPanel and you followed all instructions from the activation e-mail, go to the JavaPipe client area and submit a new support ticket. In this ticket simply mention that you want WebSocket support for your domain(s) and our security experts will adjust the configuration of your protection accordingly.