HOSTKEY and BotGuard DDoS L7 Protection and WAF¶

In this article

• HOSTKEY & BotGuard DDoS L7 Protection and WAF Service
• Adding a Domain under Protection
• Determining the Port Used by Your Site

BotGuard analyzes network traffic at the application layer and detects attacks based on various indicators:

• Behavioral analysis - tracks anomalous user behavior characteristic of bots. For instance, navigation speed, sequence of actions, and so forth.
• Protocol analysis - verifies the correctness of HTTP requests, identifying deviations from protocol standards.
• CAPTCHA and JS challenges - employed to distinguish bots from humans.
• Reputation databases - correlates IP addresses and other traffic parameters with lists of known botnets and attack sources.

Upon detecting malicious traffic, BotGuard blocks requests or throttles processing speed for suspicious IPs, thereby filtering out traffic and countering DDoS attacks at the application layer, i.e., implementing L7 protection against "service denial" attacks.

HOSTKEY and BotGuard DDoS L7 Protection and WAF Service¶

The service provides comprehensive protection for web resources against DDoS attacks at the application layer (L7) and web applications (WAF). To connect, select a suitable tariff plan on the HOSTKEY website, provide necessary information for setting up the service, and pay the invoice.

During the connection process, the site to be protected may be temporarily unavailable before undergoing final setup with a HOSTKEY DevOps engineer. Upon completion of the setup, resources will be shielded from L7 DDoS attacks and malicious web application traffic courtesy of WAF.

Adding a Domain under Protection¶

We distinguish two setup variants depending on the type of used server:

1. A rented HOSTKEY server;
2. An external company's server.

To add a domain under protection, follow this algorithm:

If BotGuard protection service is ordered for a site hosted on our company's servers, the setup process will be significantly simplified:

• On the HOSTKEY website, click Get subscription and select one of the offered tariff plans, then click Get started.

• Fill in the fields in the opened form:

• An email will be sent to the specified address with a link to the service instructions and setup information.

• Indicate whether a redirect from www to root domain is required (e.g., from www.example.com to example.com). If so, please note this additional requirement.

• Once these straightforward steps are complete, our specialists will handle all further setup and connection procedures for BotGuard protection without requiring any additional involvement from your side.

If the server is rented from a third-party company and not from HOSTKEY, and only the BotGuard protection service has been ordered, you will need to modify the A-record (IPv4) and AAAA-record (IPv6) in your hosting provider's DNS settings. The IP addresses for replacement can be found in the automatic email sent after ordering the service. To make these changes:

• Log in to your hosting provider's DNS zone management panel;
• Find the A-record that points to your web server's IPv4 address;
• Replace the IP address in this A-record with the IPv4 address of the BotGuard service (received via email after ordering);
• Find the AAAA-record that points to your web server's IPv6 address;
• Replace the IPv6 address in this AAAA-record with the IPv6 address of the BotGuard service (received via email after ordering):

• Save changes in DNS settings. You can verify the correctness of DNS record changes on the website whatmysdns;
• Provide information about IP addresses (IPv4 and IPv6) and ports for the site that needs to be protected to HOSTKEY employees;
• Indicate whether a redirect from www to root domain is required. If so, you will need to create a corresponding record in your DNS provider's control panel using the IP address assigned to this site.
• Wait for the full update of DNS caches worldwide (up to 48 hours).

Determining the Port Used by Your Site¶

To determine the port used by your site, an administrator can use one of the following methods:

• If your site is hosted on a hosting platform, you can obtain this information from your hosting provider's control panel or by requesting it from technical support.
• Use the netstat or ss command in the terminal/command prompt on the server where your site is running.
• The command netstat -antp | grep 'LISTEN\s*(80\|443)' will display a list of processes listening on ports 80 (HTTP) and 443 (HTTPS).
• The command ss -tulpan will show all TCP and UDP sockets in "listening" mode, including the processes that opened them.
• Use the command ip a to view IP addresses and ports used by your site.

!!! note: "Note" After this, all incoming traffic on your website or application will pass through BotGuard's infrastructure and be filtered according to the settings you specify. Traffic filtering settings are available in the BotGuard control panel's web interface.

• In the Websites tab, additional settings can also be performed. The menu of settings can be opened using the Settings button located on the domain row:

The settings menu contains three submenus:

• Settings;
• Statistics;
• Events.

Settings This section contains settings for processing web requests passing through BotGuard.

It includes three levels of rules in the following order:

• Custom Rules;
• Rulesets;
• Core Rules.

Rules allow you to set policies for bot handling.

Statistics This section contains statistics on bots and their activity on your site:

• Bots Activity;
• Bots Ratio - ratio of bots to real visitors;
• Bots Classification;
• Top 10 Bot Sources;
• Top 10 Bot Targets;
• Security Issues.

Events This section displays specific events related to bot actions on your site:

• Date and Time - date and time;
• URL - page URL;
• Visitor IP - visitor's IP address;
• Country - visitor's country;
• Provider - visitor's provider;
• User Agent - browser's user agent;
• Category - category (bot, human, etc.);
• Mitigation - applied protection methods.

These data enable the analysis of specific bot activity on your site.