Good website protection requires a layered approach. We described the main settings in the "Create and configure resource under protection" article. Implement additional protective measures to minimize the website vulnerability.
An attacker can get your real IP using DNS History and attack it directly. Get a new IP and put it in the "Original IP" field in the Control panel. Don't mention/publish the IP anywhere else.
If you have subdomains or other records that point to the real IP, change them to another IP.
Ensure that your HTML code doesn't have references to your real IP.
Limit access to your server for all but our subnets and some trusted IPs. We mention ways to set the limits in the "Deny access to everyone except trusted IPs and Gcore subnets" article.
Configure a separate email server. If you are running your mail server on the same server as your website, an attacker can find your origin server IP.
Configure the X-Forwarded-For HTTP header to restore real visitors' IP addresses. Otherwise, you will see requests only from our subnets.
By default, we protect only IPv4 addresses, so if your website is also available via IPv6 we recommend removing the A record for IPv6 address from your DNS settings or adding protection for it. The IPv6 protection can be added by request. For details, reach us via chat or email to firstname.lastname@example.org.
Was this article helpful?
Discover the all-in-one Web security solution by Gcore