Yandex Smart Web Security overview
Yandex Smart Web Security is a service for protection against DDoS attacks and bots at application level L7 of the OSI model.
You can connect the service to Yandex Application Load Balancer virtual hosts.
In a nutshell, the service checks the HTTP requests sent to the protected resource via the virtual host of the L7 load balancer against the rules configured in the security profile. Depending on the results of the check, the requests are routed to the virtual host, blocked, or sent to Yandex SmartCaptcha for additional verification.
To protect your web apps from external threats, Smart Web Security also implements a Web Application Firewall (WAF).
Monitor and limit web app loads with the help of Advanced Rate Limiter (ARL).
Smart Web Security logs are sent to Yandex Cloud Logging.
Smart Web Security metrics are sent to Yandex Monitoring.
Smart Web Security audit logs are sent to Yandex Audit Trails.
Application Load Balancer coniguration recommendations
To enhance DDoS protection of your applications, follow these additional recommendations:
-
Configure autoscaling. This will allow you to dynamically adapt to the increased load and optimize traffic redistribution.
-
Place resource units in multiple availability zones.
-
Use the secure HTTPS protocol: set up a listener to automatically redirect requests from HTTP to HTTPS.
-
Establish protection at the lower OSI model level: enable basic DDOS protection at levels L3 and L4 to prevent part of attacks at an earlier stage.
These measures in addition to setting up Smart Web Security will increase the resilience of your services to potential threats and ensure secure operation of applications.