DDoS Protection Service Application

After completing the service request on the service request page, proceed with the steps below in order.

Perform pre-test

1. Before changing the traffic path with SECaaS, run a test to verify that it works correctly.
   • The security monitoring center provides the IP to be used in SECaaS. Example: 103.22.200.1
   • We will explain using aaa.test.com as the website example.
   • Add the example text below to the C:\Windows\System32\drivers\etc\hosts file and save it.
     • Example phrase : 103.22.200.1 aaa.test.com
2. When accessing a URL in Chrome, press F12 and then select F5 (Refresh) in the Network tab at the top of the developer tools.
3. The process completes when the response header ‘X-cdn’ has the imperva value, or when a SECaaS IP is present in the remote address.

Changing DNS Settings

The path is changed so that actual traffic is transmitted via SECaaS.

• We will configure each domain’s address as a CNAME using the provided CNAME domain. When using a CDN, change the CDN’s origin address to a CNAME.
• Root (Naked) domains cannot have a CNAME record. It is recommended to configure an A record using the two default Anycast IPs. If setting both IPs is difficult, configure only one.
  • Example: Register or modify DNS for test.com using the CNAME we provide, and register or modify an A Record DNS for test.com using the IP we provide.

Notify DNS Change

After the DNS change is announced, the security monitoring center checks for proper integration and traffic inflow.

Check Service

Verify normal service connectivity.

• Check whether an SSL certificate error occurs.
• DDoS Protection is operated in detection mode for one month, after which the logs are analyzed and provided to the service owner.
  • If no legitimate traffic is detected as an attack, switch to block mode. If a false positive occurs, verify with the service owner and then add an exception in DDoS Protection.