Our PCI compliant architecture enforces sanity, size, and time limits on all client requests. We automate the identification of network attacks, such as DOS and DDOS, and provide a multi-level defense, while tracking detailed information necessary to stop the attack permanently.
aiCache can block, overwrite and redirect URL’s, allowing aiCache, not your web servers, to be your first line of defence.
One of the most challenging ordeals for web sites is surviving a Denial-of-Service Attack (DOS). During a DOS attack, a significant volume of bogus, specially formed requests are directed at the web site, often from a network of bots – these are compromised computers all over the Internet, now under complete control of the attackers.
aiCache offers the most complete set of DOS & DDOS countermeasures available in the industry. You already know about the first level of defence offered by aiCache, connection and request/response offloading, sanity checking and URL blocking.
The next level of defence is aiCache’s ability to block IP address ranges. When you know that certain IP addresses are generating the attack traffic, you can configure aiCache to block all connections and requests from such ranges. aiCache servers, when operating in clusters, automatically communicate such blocked IP ranges. You can also whitelist trusted addresses, so that they are never subject to any additional DOS countermeasures.
The next level of defence is the Intelligent Request Throttling. This countermeasure limits requesting clients to certain number of requests per interval. Our method of throttling is different from simple RPS-limiting and is much more user friendly. If your typical page consists of 10-15 items, such 20:10 limit will allow users to view a complete page every 10 seconds, presenting no inconvenience for a human, but stopping bot traffic dead in its tracks.
aiCache has special logic, dedicated to punishing repeat offenders – these are bots trying to drive the highest possible volume of attack traffic. The more traffic these bots generate, the more punishment applied by aiCache.
The final counter-measure is our unique RTATC (Reverse-Turing Access Token Control). This countermeasure challenges the requesting client to prove the presence of a human operator, via a reverse-Turing test. These are tests that any human is capable of passing but a bot will fail.
When the operator challenge receives a satisfactory answer, aiCache allows the requestor access to the site by issuing an Access Token. The Access Token has special intelligence so that it cannot be shared, reused or abused.
In summary, we offer industry leading, comprehensive, integrated application firewall. We would be pleased to discuss your specific environment. These capabilities can be implemented on a short term basis through our clous partners or easily integrated as a permanent protection layer in your datacenter. We provide complete support for deployment and have professional services available for more complex environment.
aiCache saves the day We run 30 or so quad extra large boxes in EC2. When our dedicated load balancer gave way to inbound traffic, we approached aiCache to assist us. They deployed aiCache literally within minutes. We have discovered that it does wonders with caching and has allowed us to remove half the nodes from our app server setup already. Thanks aiCache. -Echo Media
aiCache saves a lot of money We use aiCache at Giant Digital in front of our load balanced AWS hosted servers on Scalr. Although occasionally we do experience high loads that spawn multiple DBs or web servers for the most part aiCache deals with 99% of the traffic that's thrown at it and this is for 20 million+ pages a month servers. -www.gigwise.com
