How will queries be distributed, should the site have several client IP-addresses?

Used by default will be Round-robin algorithm, and IPhash will be selectable. If required, you may adjust a more flexible balancing of filtered traffic between your addresses. To do this, you may combine the above balancing techniques with the use of backup addresses (Primary-Backup), and assign them a 'weight' (Weighted load balancing) to distribute the load percentagewise. For the relevant details refer to 'Upstreams' Section of the personal account link: https://client.qrator.net/qrator/faq/?page=upstreams

Error Codes

After a DDoS attack launched on our site, we have transferred A-entry in DNS to Qrator IP, though DDoS traffic is still coming.

This might be due to the three following reasons:
- either all the DNS-servers have failed to update their entries, and the traffic is not entirely protected (you have to wait);
- or, before the connection to Qrator, you have failed to change your server IP-address already known to the attacker, and the attack continues directly (ask the hoster for a new ip);
- having failed to change IP-address, you have also failed to make your server unaccessible to all IP-addresses except for our nodes. You can do this in your firewall or referring to hosting provider. Personal account assistance online contains our recommendation for firewall adjustment: https://client.qrator.net/qrator/faq/?page=fwconfig.

Connection Error Codes Under DDoS

There is need for downloading many large files onto a protected site. Might this cause filtration problems?

POST query size is subject to restrictions. In the event of the query size excess, the site users will receive Error 413 message. There are certain options to handle the problem such as:

1. You 'withdraw' from under Qrator protection subdomain upload.example.com, intended to download the files. This will also help you optimize bandwidth of traffic passing through Qrator network;
2. Should there be no large number of clients about to unload heavy files, they may bring into hosts file a direct IP-address of a protected resource, and operate bypassing Qrator network.
3. Deploy a protection technique capable to tunnel the protected application's traffic and adjustable within the framework of service 'HTTPS Filtration with no keys disclosure (PCI-DSS ready)'. For the technique's details refer to link: https://qrator.net/ru/qrator-technologies/https-ne. Although this technique is not liable to the above restriction, please have in mind that all legitimate traffic passing through our network is subject to charges.

Error Codes Qrator system

Is it possible to protect site HTTPS services?

Yes, there are two options:
1) with the disclosure of encryption keys and proxying of the protected application HTTPS traffic. User adjusts the service at personal account by downloading and setting up a chain of certficates with a private key to target domain;
2) w/o the disclosure of keys with the use of protected application traffic tunneling technique (refer to Section [HTTPS filtration w/o disclosure of keys (PCI-DSS ready)](https://qrator.net/ru/qrator-technologies/https-ne)]). User adjusts the service jointly with technical support personnel.

HTTPS Settings

Our WEB server receives many queries from a number of IP-addresses. Might this be an attack?

These are probably our filtration points. All users' queries arrive at such points to be, once analyzed and filtered, proxied to the protected server. Compare suspected addresses with IP-addresses of our filtration nodes (find their list at personal account: https://client.qrator.net/qrator/faq/?page=fwconfig); in the event of their coincidence, we do advise to adjust the processing of header X-Forwarded-For, to which we add users' real addresses: https://client.qrator.net/qrator/faq/?page=realip. Should the addresses differ, create an order at Qrator personal account for the further checkup.


What sort of checkup is Qrator network able to perform when analyzing traffic: according to headers of IP packages, sources of packages, something else?

Traffic analysis is based on many criteria. The major ones are: users' behaviour, history of their queries, service capability of the server protected. Peculiarities of site visitor's act habits in the low-level context of TCP connection will also be taken into consideration.


Is it possible to entirely disable protection for a period of time? Or to disable it for a certain part of the site?

No, protection will only be enabled and disabled by changing A-entry in DNS.


For how long will an IP-address remain on the blacklist?

Once blocked, an IP-address will eventually be deblacklisted at least in 5 minutes and at most in 8 hours.


What are technical support workhours?

We work on 24/7 basis.

Billing plans Under DDoS Visitors Settings

What traffic is subject to rates?

Subject to rates shall be legitimate traffic i.e. users' traffic. Attack traffic shall be no rateable. Chargeable traffic shall be calculated as follows: over an accounting period (calendar month) with 1 minute interval, taken into account shall be an average value of the prevailing traffic band (a maximum between the filtered incoming traffic and the site outgoing traffic) at such interval. At the end of the accounting period, 90 (ninety) maximum values taken into account shall be discarded, then maximum remaining traffic value taken into account shall be rounded down to a whole number of Mbit/s. The number obtained shall stand for the chargeable traffic band value.

Billing plans Settings

I have no idea how to evaluate legitimate traffic band for my site before the connection to your service. How can I do this? I need to precalculate the fee amount.

You may connect to our system for a free weekly test. At the test end, you will find the required statistics at personal account.

Billing plans Settings

What will happen when DDoS band of traffic coming to the site extends beyond the limits provided for by rate plan? Will this affect filtration performance?

Filtration performance will remain unaffected, and DDos will be neutralized. You will be offered a transfer to a rate plan conforming to your risks. In the event of consent, it will remain valid for at least three months. In the event of your refusal, we may limit all the incoming traffic (including the legitimate one) to a level provided for by your rates.

Billing plans Settings Qrator system

According to hosting, intruders have found out the direct IP-address of WEB application, and launched an attack on such address bypassing Qrator network. What can I do?

You have to:
- ask hosting provider for another IP preferably belonging to another subnetwork;
- in your firewall, permit connections from Qrator network nodes alone, banning all the rest. Find relevant instruction at personal account: https://client.qrator.net/qrator/faq/?page=fwconfig;
- at Qrator personal account, replace direct IP-address of the application for a new one obtained from hosting provider

Billing plans Settings

How can I change A-entry of domain?

To change A-entry, use control panel of your hosting provider, should the latter be entrusted with domain name control, or control panel of the recorder having registered your domain. Always change A-entry to make it indicate Qrator network IP-address specified during the registration.

Under DDoS Settings

How fast will Qrator take over the protection of my site, once A-entry at Qrator IP has been changed?

The time depends on the A-entry update rate at all DNS servers, being equal to A-entry TTL that differs between various clients. Qrator network will be ready to process traffic and take over protection as soon as the traffic enters Qrator IP.

Dashboard Under DDoS

Traffic comes to our site from Qrator network nodes. How can we watch IP-addresses of the site visitors when reviewing IP-packages?

We add IP-address of the site user to header 'X-Forwarded-For', find instruction for this header processing adjustment at personal account: https://client.qrator.net/qrator/faq/?page=realip

Error Codes Under DDoS

I have connected on day 20. How will this month subscription fee recalculated?

Subscription fee is chargeable for a month as a whole, irrespective of the connection date. An advice: if you are not under attack, probably it's no need to connect at the end of the month - wait a few days to save the whole month fee.

Under DDoS Settings

My site is under DDoS attack now. How can I get protection as faster and more reliable?

The general concept is as follows:
1. Log in or authorize in the system https://client.qrator.net/auth/register/
2. Create domain https://client.qrator.net/qrator/domain/list/
3. Following the instruction sent to your mail, download certificate to personal account. In the event that the site works to HTTPS, transfer А-entry to Qrator IP.
4. At the same time, we do advise to ask the hosting for a new IP-address, to publish it nowhere, indicating it at Qrator personal account as an upstream to avoid further attack on the direct address.
5. After the transfer of traffic to Qrator IP, make the protected server unaccessible to all addresses except for Qrator IP listed as follows: https://client.qrator.net/qrator/faq/?page=fwconfig

Billing plans Under DDoS Settings

How many times a month and on what day will I receive bills for services?

Each month before day 20, we charge subscription fee for the next month, and before day 5, we charge payment for legitimate traffic passed in the previous month.

Billing plans HTTPS Qrator system

What DDoS-related information may I obtain to my site?

After an attack, a PDF report containing the attack details will be sent to your mail. The report will also be downloadable to personal account: https://client.qrator.net/qrator/reports/

Subscription fee Under DDoS Visitors Settings