How does Grey Wizard work?
The Grey Wizard protection acts as a proxy server (HTTP proxy) between your servers and the users. This approach enables the whole traffic to by analyzed in real time.
Your webpage is protected against all types of attacks by using rules, advanced algorithms, reputation databases, and efficient broadband links.
How to enable protection for a webpage?
The process of enabling protection for a webpage does not require advanced programming skills. Before enabling the Grey Wizard Shield protection, prepare a list of domains and subdomains to be protected.
During the process, you will receive from us the IP addresses to be entered into the A-type records in your DNS zone.
What should I change in my application?
The activation of the Grey Wizard Shield protection does not require any additional actions. The Grey Wizard technology is independent from the technology you use.
What should I change on my server?
If you want to have an original user IP address, use the 'X-Forwarded-For', 'X-Real-IP' or 'GW-Connecting-IP' header, which is attached to every request.
Configuration for Nginx
set_real_ip_from 188.8.131.52/22; real_ip_header X-Forwarded-For;
Configuration for Apache 2.2:
<IfModule mod_rpaf.c> RPAF_Enable On RPAF_ProxyIPs 184.108.40.206/22 RPAF_Header X-Forwarded-For RPAF_SetHostName On RPAF_SetHTTPS On RPAF_SetPort On </IfModule>
Configuration for Apache 2.4
<IfModule mod_remoteip.c> RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 220.127.116.11/22 </IfModule>
Also it is possible that you will need to change configuration of LogFromat changing the value %h to %a. Microsoft IIS
Microsoft IIS http://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85
Will my webpage remain available during the activation process?
Yes, your webpage will remain available. However, until the DNS changes are fully propagated, some HTTP requests will be handled directly by your servers, while other requests will be protected by Grey Wizard Shield. The DNS propagation time is typically from one to several hours.
My webpage has been attacked. Do I need the protection?
If your webpage has been attacked, it means that it is attractive to hackers and may be attacked again. If your webpage is popular or profitable, you must protect it against cyberattacks. You have to remember that DDoS attacks may target every webpage.
They are various motivations of such attacks, the most frequent ones being cyberterrorism, hacktivism, swindle attempts, and unfair competition. A very important factor is that the potential losses are incommensurately higher than the attack costs.
Consequences of a DDoS may be huge, including unavailability of your webpage, financial losses, black PR, theft of sensitive data, and various others. It is worth noting that the cost of launching a cyberattack is very low: a few hundred dollars per day.
Can I terminate the protection at any time?
Of course you can terminate the Grey Wizard protection at any time, simply by restoring the previous DNS settings (those used before you enabled the Grey Wizard protection). After the DNS changes have been propagated, which typically takes less than an hour, the whole traffic will again be handled directly by your infrastructure.
However, before you decide to give up the protection against DDoS attacks or protection of the application layer, consider well the consequences. A cyberattack may generate huge financial losses and ruin your image.
In the web server logs I see only a handful of IP addresses. Why?
Grey Wizard acts as a proxy server. It means that the whole traffic goes through the Grey Wizard infrastructure before it reaches your server. That is why all HTTP requests have our address as the source.
If you need the original IP address of your customer, use the headers 'X-Forwarded-For' or 'GW-Connecting-IP'. Some servers require configuring a permitted range of IP addresses such headers can be read from. The list is provided here.
What IP addresses are used by Grey Wizard?
Provided below is a list of IP addresses that may be required by certain components of your infrastructure: 18.104.22.168/22
How to report a problem?
Please have the following information ready so we can process your request faster:
- affected domain
- problem description (website doesn't load, no images, error message, etc.)
- in case there's a Grey Wizard error message, please copy the code in the bottom right-hand corner
- report the issue using the contact form