Setup Checklists
Easy-to-use checklists for starting and testing Reblaze
Last updated
Was this helpful?
Easy-to-use checklists for starting and testing Reblaze
Last updated
Was this helpful?
Please go through these checklists, and verify that their actions have been completed, both before and after your traffic is routed through Reblaze.
There are three checklists below: two for setup, and one for testing.
Before going through the checklists below, you should already have performed the actions listed in .
Item
Action
More Information
Web Server Firewall
& Hosting Firewall
Verify that Reblaze IPs are whitelisted in the firewall.
Also, please ensure that only Reblaze IPs are able to access your web server, i.e. block access for all non-Reblaze IPs. This can be done via a set of rules for your firewall, or via .htaccess files.
Rate Limits
Verify that you're not using any Rate Limit/QOS rules that apply to Reblaze IPs.
This avoids potential blacklisting of Reblaze, and other availability issues. (If Rate Limits are applied, Reblaze can be misidentified as a DDoS source.)
Website Cache Settings
Ensure that each site/application returns the correct caching instructions.
Item
Action
More Information
Upstream Server
Verify that the Web Proxy settings for each domain/site are correct. (These settings define where and how Reblaze forwards incoming traffic.)
SSL
Non- Browser Applications
If your application serves bots or other non-browser clients (e.g., monitoring services, mobile/native applications using an API, etc.), you will need to exempt them from Reblaze's browser challenges.
HTTPS
Enable traffic via HTTPS.
Block Known Sources
Define ACL Policies to reject traffic from sources known to be hostile (e.g., IPs, countries, etc.)
Whitelist Known Sources
Exempt specific traffic sources from inspection and filtering.
Web Application Firewall (WAF)
DDoS Settings (Rate Limits)
Cache Settings
Alerts
Review and customize alerts and notifications according to your needs.
Account
Sometimes new customers enter placeholder values at first. Ideally, correct values would be in place by the time Reblaze is active.
When the following checklist has been completed, you'll be ready to go.
Item
What to verify
More Information
Check DNS
Run a DNS query for the website, and validate that the DNS records of the HTTP/S services are pointing to Reblaze CNAME /IPs only.
Test Traffic
Test Non-Browser Clients
If applicable, generate and test traffic from non-browser clients, and verify via the Dashboard that the requests are not blocked/reported.
This is to validate the (optional) settings configured for non-browser clients, as described in the checklist above.
Monitor and Optimize Settings
You can also , as mentioned below.
Defined via and also .
Verify that your SSL setup (which should have been performed already, as described in ) is complete before routing traffic to Reblaze. (Note that if you want Reblaze to generate Let's Encrypt certificates for you, the traffic must be routed to Reblaze before the certificate can be generated.)
You can use pre-existing certificates, or generate new ones via Reblaze. .
Mobile/native applications are exempted by using the .
For other non-browser clients, you should . It is highly recommended that you to replace them. More info on the overall challenge process is .
Make sure that the are configured properly.
This is done with that include with an operation of "Deny".
This is done with that include with an operation of "Allow" or "Bypass".
Review the default and , to ensure they meet your needs. Define new ones if necessary.
The Policies are included in one or more , which are then assigned to appropriate locations within your site .
Review the to ensure they match your site's capacity. For most use cases, the default settings should work well.
In addition to the general rate limits, it's also possible to define limits for specific site locations and/or traffic sources. .
Review the applications' cache settings in their .
Reblaze has a variety of caching options. Its settings are explained .
.
Review your to ensure they are correct.
Note: by default, Reblaze is deployed in for all applications. In this mode, it will not block traffic; it merely reports on the traffic it would have blocked, if that application had been set to Active mode.
You can use tools such as .
Generate traffic to your site, and verify that it is being displayed in the . For more in-depth traffic inspection, you can use the . If SSL traffic is used, use your web browser to validate that the right certificate is being used.
Both the Dashboard and View Log include a Query box to filter their displays. Here's .
As traffic is processed by Reblaze, review the Dashboard (and ideally, the View Log) to see the decisions that are being made. Optimize Reblaze until it is performing as expected. Once you are satisfied with Reblaze's traffic scrubbing, .
Reblaze's logs are a rich source of insights into incoming traffic. Highly recommended reading: