Follow

What is Filtering and Mitigation Order for Incoming Proxy Traffic?

Description

  • What is Filtering and Mitigation Order for Incoming Proxy Traffic?
  • What is the order of filters and mitigations that Proxied incoming traffic hits?

Related Silverline Order of Protection Articles:

 

Environment

  • Silverline DDoS Proxy
  • Silverline WAF
  • Proxy

 

Answer

For DDoS Proxy incoming traffic, this is the order that the traffic hits filters and mitigations:

 

1. Predefined Perimeter Filtering:

  • Predefined firewall rules in place to sift through customer inbound traffic in scrubbing centers.
  • Firewall rules are enforced at the perimeter layer before traffic is allowed for further inspection.
    • Picture1.png

 

For more details on this, refer to these KB articles:

 

 

 

2. Customer Defined Perimeter Filtering:

In the portal, customers can choose to either block traffic (Denylist) or completely bypass inspection (Allowlist) based on source IP. These customer defined rules are also enforced at the perimeter.

For more details on this, refer to these KB articles:

 

3. F5 Silverline Mitigation Process

Traffic then passed through the mitigation layer before it is handed to Customer VRF.

  • Attack traffic is scrutinized and countermeasures are applied
  • Depending on the attack, cleaning the traffic can be performed by a specific device or can be a combination of multiple devices
  • Traffic is mitigated in F5 Silverline Scrubbing Center.
    • Picture7.png
  • Proxy Service Mitigation Security Features:

Proxy Security Features

Description

L7 DDoS Profile Management

Silverline will leverage Javascript injection to protect from Layer 7 DDoS attacks.

More details on L& DDoS Profiles:

iRules

Customer can use iRules if they are enabled for customer profile. 

More details on iRules:

Threat Intelligence Profiles

Silverline Threat Intelligence subscription is a premium option which may be added to both DDoS and WAF services for additional visibility and protection. By subscribing to a maintained feed of bad actor host addresses sourced from a world-wide intelligence network, Silverline is able to categorize, block, allow, log and report upon a wide variety of threats as soon as they enter the Silverline datacenters. 

More details on Threat Intelligence:

 

 

Related Content

More Silverline Order of Protection Articles:

Additional articles

 

 

 

 

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request