Yes, nine.ch is able to provide protection against DDoS attacks through CloudFlare.com, which is optionally available for all managed products.
To protect a server going offline during a DDoS attack, all the web traffic is proxied through CloudFlare servers. CloudFlare is able to filter the traffic and only forward the “real” requests to the web server. Because all DNS entries point to CloudFlare IPs, the attacker is not able to recognize your web server.
Additional, CloudFlare protects your website with a web application firewall (WAF) against known security issues and Cross-site scripting (XSS).
If your website is under attack, CloudFlare shows a page which distinguishes legit from bogus requests.
Each domain that is proxied by CloudFlare, HTTPS is provided for free between CloudFlare and the client.
Additional information about CloudFlare is available on their website, cloudflare.com.
Because of the increased security there are a few limitations:
- The Name Servers must be changed to those provided by CloudFlare, so you will not be able to manage the DNS entries by yourself anymore but only through Nine.
- The whole web traffic is transferred through servers of CloudFlare, where the data is decrypted, filtered, once again encrypted and then forwarded to your server.
- Static content will be cached on the CloudFlare servers. Therefore changes to files such as CSS and JS take a moment until they become active. It is possible to purge the cache manually. Please contact email@example.com if you wish us to do so.
- It is possible that a few requests will be logged with a CloudFlare IP instead of the IP address of the actual visitor.
- Because of technical reasons it is not possible for us to monitor the functionality of the CloudFlare Servers. To monitor your whole site correctly behind the CloudFlare servers, an additional string check is required. It is available with a SLA.