Web DDoS Protection by Link11

Global MPLS network
with 43 PoPs

Multi-terabit
global network

Guaranteed protection
bandwidths of up to
1 Tbps

How the Link11
DDoS Web technology works

Link11’s Web DDoS protection solution is based on Layer 7 reverse proxy technology. This means that client requests are
redirected via a system based on a web resource, which then initiates the connection to the actual destination. This redirection is
done by changing the corresponding DNS record of the web application to the IP address provided by Link11, thus
providing an additional layer of protection.

Instances

To ensure increased security, the Web DDoS technology is divided into multiple instances, each of which acts as its own
dedicated IP address. Each instance is operated in a Link11 scrubbing center to better counter a large volume attack.

TLS termination

Our technology also effectively protects Link11 customers from HTTP-based attacks (Layer 7).

For this, a separate domain-specific x.509 certificate must be uploaded within the web DDoS protection and the special TLS termination must be switched on. This allows all TLS connections to be analyzed and decrypted. Traffic is then checked for DDoS attacks, re-encrypted and finally forwarded to the Origin server.

DDoS detection and protection measures

As soon as a certain number of accesses overwhelms and paralyzes the backend system, we call it a DDoS attack.
Our DDoS protection includes various measures that prevent this condition from ocurring:

01

Monitoring:

The technology checks the response times and HTTP 50x error messages reported by the backend and automatically launches defense algorithms if anomalies are detected.

02

Scoring system:

The defense mechanism works internally, using a scoring system that evaluates the anomalies and, once a certain threshold is reached, starts blocking IP addresses with conspicuously high scores.

03

Dynamic:

The points allocation and the resulting implementation of the blockade work dynamically.

Web DDoS as part of
the Web Security Suite

The Link11 Web DDoS Protection solution is part of the Web
Security Suite, which includes a variety of add-on
modules that reliably secure your web applications from attacks.
To learn more about Link11’s Web Security Suite and its
features, visit the overview page.

LEARN MORE

Web DDoS Protection

Smarter, Faster, Safer

Global MPLS network
with 43 PoPs

Multi-terabit
global network

Guaranteed protection
bandwidths of up to
1 Tbps

How the Link11
DDoS Web technology works

Instances

To ensure increased security, the Web DDoS technology is divided into multiple instances, each of which acts as its own
dedicated IP address. Each instance is operated in a Link11 scrubbing center to better counter a large volume attack.

TLS termination

DDoS detection and protection measures

As soon as a certain number of accesses overwhelms and paralyzes the backend system, we call it a DDoS attack.
Our DDoS protection includes various measures that prevent this condition from ocurring:

01

Monitoring:

02

Scoring system:

03

Dynamic:

Web DDoS as part of
the Web Security Suite

You would like to learn more
about Web DDoS protection?

Then please contact us personally and we will answer all your open questions.

120,019

1,118,928

Maximum packet rate in 2021 in pps

Largest attack mitigated in 2021 in Mbps