General

  • How does it work?
    Grey Wizard is a proxy server (HTTP Proxy) and analyzes entire traffic in real time. We use rules and complex algorithms to inspect the user behavior and to protect your website against both web and application-level attacks. Our high bandwidth data transfer can take the biggest attacks, effectively blocking bot and robot traffic. Such protection ensures your website is available online for real users.
  • What does the process of connecting my website to Grey Wizard look like?
    Prepare the list of all domains and subdomains you want protected. After you contact our technical team, you will receive IP addresses, which you then have to enter in your DNS zone as A-type records.
  • What do I have to change in my app?
    You don't have to change anything. Grey Wizard is independent of the technology you use.
  • What do I have to change in my web server?
    If you want to have an original user IP address, use the 'X-Forwarded-For', 'X-Real-IP' or 'GW-Connecting-IP' header, which is attached to every request.
    Configuration for Nginx:
    set_real_ip_from 185.66.120.0/22;
    real_ip_header X-Forwarded-For;
    Configuration for Apache 2.2
    <IfModule mod_rpaf.c>
    RPAF_Enable On
    RPAF_ProxyIPs 185.66.120.0/22
    RPAF_Header X-Forwarded-For
    RPAF_SetHostName On
    RPAF_SetHTTPS On
    RPAF_SetPort On
    </IfModule>
    Configuration for Apache 2.4
    <IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 185.66.120.0/22
    </IfModule>
    Also it is possible that you will need to change configuration of LogFromat changing the value %h to %a.
  • Is my website going to be available while being connected?
    Yes, while your website is being connected, it is still available online. Until the new DNS entries are propagated, some requests will be served from your server, while others will go through Grey Wizard.
  • My website has never been attacked – do I need protection in that case?
    If your website is popular or brings financial profits, it is highly likely to be subject to DDoS attacks one day. There are many consequences of such attacks: service unavailability, hardware and connection overload, engaging your whole IT team in fighting the attack, or financial losses resulting from service unavailability.
  • Can I disable protection at any moment?
    Yes, you only need to change your DNS zone settings and wait for entries to re-propagate. It usually takes less than an hour.

Other questions

  • Why do I only see Grey Wizard IP addresses in my logs?
    Grey Wizard is a proxy server, which means we can filter traffic before it reaches your website. As a result, every request which reaches your server has our IP address. If you want to have an IP addresses of the original user, use the headers 'X-Forwarded-For', 'X-Real-IP' or 'GW-Connecting-IP', which is attached to every request. Some web servers require sending the list of X-Real-IP allowed addresses, which you'll find here. here
  • How do I report a problem with Grey Wizard?
    Please have the following information ready so we can process your request faster:
    • affected domain,
    • problem description (website doesn't load, no images, error message, etc.),
    • in case there's a Grey Wizard error message, please copy the code in the bottom right-hand corner,
    • report the issue using the contact form
  • What IP addresses does Grey Wizard use?
    Here's the list IP addresses required by some of the components of your infrastructure:
    • 185.66.120.0/22
    Download the list in txt format

WAF

  • What is WAF?
    WAF (Web Application Firewall) is the software which inspects the incoming HTTP traffic. Using the pre-defined rules or the rules based on behavioral analysis, it can effectively block application-level attacks. The most common attacks blocked on this level are XSS (cross-site scripting) and SQL injection.
  • What rules does WAF use?
    The set of rules was composed based on those available within the ModSecurity software and on our own experience. What is worth mentioning here is that the rules were selected in such a way as to minimize the “false positive” type of alarms. Additionally, we add new rules whenever a new threat appears.
  • How often are the rules updated?
    Grey Wizard monitors new threats and application-level attacks continuously, therefore new rules are practically updated on an ongoing basis and immediately made available for all our users.
  • Can I disable a rule?
    Yes, this option is available once you have logged in, from a website panel – in the WAF tab.
  • Can I add my own rule?
    Yes, however you need to contact our technical team to do that.

DNS

  • What do I have to change in settings?
    In order to direct your traffic to our infrastructure, the primary domain DNS record needs to be changed, as well as all sub-domains under which the website is available. In case of other services besides websites, please contact our technical advisor to discuss details
  • Do I always have to change DNS settings?
    In case of the BGP protection, the IP address does not change and this process is much faster. However, you need to prepare your network infrastructure accordingly. Please contact our technical team if you wish to do that.

SSL

  • Do you support SSL?
    Grey Wizard offers the SSL support, and we divide it into several methods. Depending on the selected option, you have more accurate analysis and, consequently, better protection for your app.