Remote Site DDoS Protection / Nginx Based (Need Testers)

deployvm Member, Host Rep
edited October 2014 in General

Hi LET Members,

Currently, I am looking for members to trial a fairly simplistic reverse proxy for remote sites. You are simply required to provide feedback on performance and effectiveness (Best if you have a vulnerable site.)

If you are interested, please let me know the following details via PM:

  • Domain
  • Origin server IP + web server port

The traffic flows like this: PROXY Server (Protected IP) to ORIGIN Server (Vulnerable website) / vice versa

The server is hosted in Germany. The network is able to withstand up to 15-20Gbit/s of DDoS traffic.

Note 1: If attackers know your backend IP, then this type of protection will be ineffective. The proxy server will need to connect to your HTTP web server to deliver the content.
Note 2: Since my server is located in Germany, it would be beneficial for your server to be located in Europe (performance-wise).
Note 3: I will not be providing SSL support - sorry.
Note 4: Since this is a fairly low-end (budget) service, it is not expected to handle 'crazy' amounts of attacks. It is good for sites that need protection occasionally as well as urgently.
Note 5: I am not using OVH / Voxility.

The estimated pricing for this is around $5-$7 monthly. When the trial has finished, I will only be providing this service to 2-3 sites to keep the service stable.

Please let me know ASAP if you want a test IP, want to participate in the trial or want to have a look at a test site I have set up.

Thank you.

Edit: I will allow the possibility of SSL sites through SNI.
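
As an added illustration (not part of the original post and not the poster's configuration), this is one way the PROXY to ORIGIN flow for a plain-HTTP site could look in nginx, with per-client limits on the proxy and the origin answering only the proxy, which is the concern behind Note 1. The hostname, both addresses, the paths and all limit values are placeholders, and the origin is assumed to run nginx as well.

```nginx
# ---- PROXY (protected IP): nginx.conf ----
# Placeholders: example.com, origin 203.0.113.10:80, proxy 198.51.100.5.
events {}
http {
    # Per-client budgets; the numbers are illustrative, tune per site.
    limit_req_zone  $binary_remote_addr zone=req_ip:10m  rate=10r/s;
    limit_conn_zone $binary_remote_addr zone=conn_ip:10m;

    upstream origin { server 203.0.113.10:80; keepalive 16; }

    server {                        # unknown Host: close, send nothing
        listen 80 default_server;
        return 444;
    }
    server {
        listen 80;
        server_name example.com;
        client_header_timeout 10s;  # shed slow-header clients
        client_body_timeout   10s;
        client_max_body_size  1m;

        location / {
            limit_req  zone=req_ip burst=20 nodelay;
            limit_conn conn_ip 20;
            proxy_http_version 1.1; # needed for upstream keepalive
            proxy_set_header Connection "";
            proxy_set_header Host            $host;
            # Overwrite, do not append: a client-sent value is untrusted.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass http://origin;
        }
    }
}

# ---- ORIGIN: inside the http {} block of its own nginx.conf ----
# Log the visitor address the proxy forwarded next to the TCP peer.
log_format viaproxy '$remote_addr fwd=$http_x_forwarded_for "$request" $status';
server {
    listen 80;
    server_name example.com;
    access_log /var/log/nginx/access.log viaproxy;
    allow 198.51.100.5;             # only the proxy may fetch content
    deny  all;                      # everyone else gets 403
    root /var/www/example;          # placeholder document root
}
```

The `allow`/`deny` pair keeps the origin from serving the site to anyone who connects to it directly, but it does not absorb a flood aimed at the origin address itself, so Note 1 still applies.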

Comments

  • Great idea! I am making a similar service, but with SSL support and planning to offer it as freemium (basic free plan and a premium plan later on around $5 monthly). Using OVH.

  • Correct me if I am wrong. Isn't this what Cloudflare offers with additional DNS management & additional tools, for free?

  • ez2uk said: Isn't this what Cloudflare offers with additional DNS management & additional tools, for free?

    No. Cloudflare don't do free DDoS protection. They do offer business & enterprise plans which cover this.

    Thanked by 2: deployvm, doughmanes
  • @GIANT_CRAB said:
    No. Cloudflare don't do free DDoS protection. They do offer business & enterprise plans which cover this.

    They do have a basic denial of service protection.

  • Remuz Member
    edited October 2014

    GIANT_CRAB said: No. Cloudflare don't do free DDoS protection. They do offer business & enterprise plans which cover this.

    They do mitigate attacks if their network is not that stressed. They've handled a few 10-15 Gbps attacks on a gaming site I run. But longer attacks or very heavy attacks they simply pass through if you're not paying.

  • @ez2uk said:
    Correct me if I am wrong. Isn't this what Cloudflare offers with additional DNS management & additional tools, for free?

    They also decrypt all SSL traffic, which is not always acceptable.

    Thanked by 1: linuxthefish
  • @elwebmaster said:
    They also decrypt all SSL traffic, which is not always acceptable.

    Not sure what you mean, but how would SSL be related to the topic?

  • @alessio said:
    Not sure what you mean, but how would SSL be related to the topic?

    Well the OP changed the description to say he/she will offer SSL as well on their service. Others mentioned that CloudFlare offers a similar service as the OP is inquiring about. I am adding that CloudFlare's implementation is inherently insecure because it is in essence a Man In The Middle on all SSL connections. If the OP was to take a different approach and just filter DDOS while passing encrypted data at the socket layer then the OP's solution would be superior to CloudFlare for any application where security is required.

    Thanked by 2: geekalot, deployvm
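
The approach raised in the comment above (filtering while passing the encrypted data through at the socket layer) and in the original post's edit about SNI can be sketched with nginx's stream module. This is an added example, not code from the thread or from the poster's service; hostnames, addresses, paths and limits are placeholders, and the origin is assumed to run nginx and to accept the PROXY protocol.

```nginx
# ---- PROXY: nginx.conf (needs stream + stream_ssl_preread modules) ----
# Placeholders: example.com, shop.example.net, origins 203.0.113.10/.20.
events {}
stream {
    limit_conn_zone $binary_remote_addr zone=tls_ip:10m;

    # Pick the origin from the SNI name in the ClientHello.
    map $ssl_preread_server_name $tls_origin {
        example.com       203.0.113.10:443;
        shop.example.net  203.0.113.20:443;
        default           127.0.0.1:9;  # assumed closed port: unknown names go nowhere
    }

    server {
        listen 443;                 # plain TCP listener: no "ssl", no certificate
        ssl_preread on;             # read the ClientHello without terminating TLS
        preread_timeout 5s;         # drop clients that never send a ClientHello
        limit_conn tls_ip 20;       # illustrative per-address connection cap
        proxy_connect_timeout 5s;
        proxy_timeout 60s;          # idle sessions are closed
        proxy_protocol on;          # prepend the client address for the origin
        proxy_pass $tls_origin;
    }
}

# ---- ORIGIN: inside http {}; certificate and key exist only here ----
log_format viaproxy '$proxy_protocol_addr via $remote_addr "$request" $status';
server {
    listen 443 ssl proxy_protocol;  # must match "proxy_protocol on" above
    server_name example.com;
    ssl_certificate     /etc/ssl/example.com.crt;   # placeholder paths
    ssl_certificate_key /etc/ssl/example.com.key;
    access_log /var/log/nginx/tls.log viaproxy;
    allow 198.51.100.5; deny all;   # proxy address (placeholder) only
    root /var/www/example;          # placeholder document root
}
```

In this mode the proxy never holds the private key and sees only the SNI name and connection counts, so it can cap connections per address but cannot apply per-request (Layer 7) limits; those have to run on the origin.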
  • aldothetroll Member
    edited October 2014

    Cloudflare does not have DDoS protection, but the only attacks that will be sent directly to the origin server are Layer 7 attacks, because they target the webserver and not the network. Cloudflare can't tell who a Layer 4 attack is for because it's attacking the network, not the webserver (AKA sending an attack to an IP instead of a website), so they treat it as an attack on their own network and not on your site.

    So as long as no one has your origin server IP and are not sending you Layer 7 attacks Cloudflare is enough for anyone but nonetheless good luck with your project dud.

    Thanked by 2: Cakey, deployvm
  • aldothetroll said: So as long as no one has your origin server IP and are not sending you Layer 7 attacks Cloudflare is enough for anyone but nonetheless good luck with your project dud.

    And Layer 7 attacks aren't exactly hard to block out, but yeah, CloudFlare would just drop you if you got too big of an L7 attack.

  • deployvm Member, Host Rep
    edited October 2014

    Thank you for the discussion everyone! I am still looking for a few more testers. If you are interested, please let me know via PM as soon as possible.

    In regards to the comparison with CloudFlare, each person's requirements are different. Some users may be looking for a CDN solution or to simply utilize the DNS or basic web protection features. It is true that CF will simply redirect the attack traffic to the origin server when a certain limit is exceeded on the Free/Pro plans.

    CloudFlare is definitely the simple solution and will be effective for many projects. I believe the service I am offering will be useful for those that solely need DDoS protection and are on a budget.

    I am still evaluating the possibility of SSL through my reverse proxy service but it is most likely that I will pass the encrypted data to the origin server through SSL.

  • linuxthefish Member
    edited October 2014

    How about some caching options for different sites? Like 1 min caching for dynamic content on high load sites if someone wants it.

  • deployvm Member, Host Rep

    @linuxthefish said:
    How about some caching options for different sites? Like 1 min caching for dynamic content on high load sites if someone wants it.

    Currently, I am intending for a basic reverse proxy service, not including a cloud delivery network or a cache system. I could possibly consider it for popular/high-load sites.

    Still looking for testers!
