Layer 7 Protection Modes & support

At X4B we have Layer 7 (Application Layer) DDoS & Security Protection for the following protocols. Most applications and game servers do not require specific Layer 7 protection benifiting instead from our dynamic & layer 4+ mitigation. Some game servers and protocols however are either sufficiently complex (e.g HTTP/HTTPS), commonly attacked (e.g DNS and HTTP/HTTPS) or particularly vulnerable (e.g SAMP) for these protocols we implement specific protection modes.

As needed we will extend this list.

HTTP Layer 7 protection

HTTP Layer 7 protection is implemented via a Reverse Proxy (optionally over Encapsulated or Routed Tunnel). We implement extensive in-house developed algorithms for mitigation including Proof of Work challenge and CAPTCHA validation. Custom user supplied Layer 7 rules can also be provided via the dashboard page. This protection is available on "HTTP" type ports and "HTTPS" type below.

For more information on HTTP protection please see:

HTTPS (TLS) Layer 7 protection

HTTPS layer 7 protection is implemented as per the above HTTP protection. Additional protection is provided for SSL specific attacks such as re-negotiation and handshake attacks. This protection is available on "HTTPS" type ports.

Teamspeak 3 Layer 7 protection

Protection against Teamspeak 3 (UDP) connection floods has been implemented using an application layer cookie and protocol validation. This protects against all know Teamspeak 3 Application Layer attacks. This protection is implemented on "TS3" type ports.

Grand Theft Auto: San Andres Multiplayer (GTA SA-MP or GTA SAMP) protection

Protection against protocol vulnerabilities in the joining process & querying protocol. These mitigations are implemented on port 7777 for "UDP" type ports.

FTP protection

For FTP we implement protocol validation and helper support to enable dynamic port forwarding for file transfers enabling both active and passive transfer support without opening large port ranges to backend servers.

DNS protection (coming soon)

For DNS we implement both query validation and edge caching. By caching DNS queries on our Anycast network you can acheive maximum performance and all the benifits of your own Anycast network without deploying a fleet of servers world-wide.

Valve A2S protection (for Half Life series games)

For Half Life (HL1, HL2, and on) games we implement a query cache protocol to protect against query floods.

Active A2S caching for game server list ranking improvement is also available at additional cost. Contact us for pricing.

This protection mode has been tested with:

  • Left for Dead 2
  • Garrys Mod
  • Counterstrike 1.6 and Source
  • Team Fortress 2

It is expected to work with all Half Life 2 engine games.