Link11 WAAP
v2.16
v2.16
  • Link11 WAAP v2.16 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace onboarding
  • Console UI Walkthrough
    • General UI flow
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
      • Tag Rules
      • Rate Limiting
      • Cloud Functions
    • Settings
      • Web Proxy
      • Backend Services
      • Error Pages
      • SSL
      • DNS
      • Planet Overview
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits and Exemptions
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • Tags
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page
  • Overview
  • Prerequisite
  • Configuring your environment
  • Setting up Reblaze
  • Testing your setup

Was this helpful?

Export as PDF

Setup Checklists

Easy-to-use checklists for starting and testing Reblaze

PreviousGetting StartedNextGeneral UI flow

Last updated 8 days ago

Was this helpful?

An update is pending for this section. You can use the description below to gather information you'll need for the setup, but please contact Reblaze support for the current instructions.

Overview

Please go through these checklists, and verify that their actions have been completed, both before and after your traffic is routed through Reblaze.

There are three checklists below: two for setup, and one for testing.

Prerequisite

Before going through the checklists below, you should already have performed the actions listed in .

Configuring your environment

Item

Action

More Information

Web Server Firewall

& Hosting Firewall

Verify that Reblaze IPs are whitelisted in the firewall.

Also, please ensure that only Reblaze IPs are able to access your web server, i.e. block access for all non-Reblaze IPs. This can be done via a set of rules for your firewall, or via .htaccess files.

Rate Limits

Verify that you're not using any Rate Limit/QOS rules that apply to Reblaze IPs.

This avoids potential blacklisting of Reblaze, and other availability issues. (If Rate Limits are applied, Reblaze can be misidentified as a DDoS source.)

Website Cache Settings

Ensure that each site/application returns the correct caching instructions.

Setting up Reblaze

Item

Action

More Information

Upstream Server

Verify that the settings for each domain/site are correct.

SSL

Non- Browser Applications

If your application serves bots or other non-browser clients (e.g., monitoring services, mobile/native applications using an API, etc.), you will need to exempt them from Reblaze's browser challenges.

Web Application Firewall (WAF)

Block Known Sources

Reject traffic from sources known to be hostile (e.g., IPs, countries, etc.)

Whitelist Known Sources

Exempt specific traffic sources from inspection and filtering.

DDoS Settings (Rate Limits)

Review the rate limits to ensure they match your site's capacity. For most use cases, the default settings should work well.

Alerts

Review and customize alerts and notifications according to your needs.

Account

Sometimes new customers enter placeholder values at first. Ideally, correct values would be in place by the time Reblaze is active.

Testing your setup

When the following checklist has been completed, you'll be ready to go.

Note: by default, Reblaze is deployed in Report mode for all applications. In this mode, it will not block traffic; it merely reports on the traffic it would have blocked, if that application had been set to Active mode.

Item

What to verify

More Information

Check DNS

Run a DNS query for the website, and validate that the DNS records of the HTTP/S services are pointing to Reblaze CNAME /IPs only.

Test Traffic

Test Non-Browser Clients

If applicable, generate and test traffic from non-browser clients, and verify via the Dashboard that the requests are not blocked/reported.

This is to validate the (optional) settings configured for non-browser clients, as described in the checklist above.

Monitor and Optimize Settings

You can also control caching behavior through Reblaze using .

Servers are defined in . Security policies are assigned to domain/site URIs on the page.

Verify that your SSL setup (which should have been performed already, as described in ) is complete before routing traffic to Reblaze. (Note that if you want Reblaze to generate Let's Encrypt certificates for you, the traffic must be routed to Reblaze before the certificate can be generated.)

You can use pre-existing certificates, or generate new ones via Reblaze. .

Mobile/native applications are exempted by using the .

For other non-browser clients, you should . It is highly recommended that you to replace them. More info on the overall challenge process is .

Review the default and , to ensure they meet your needs. If more customized rulesets are needed, define new Policies.

The Policies are assigned to URIs within the sites/domains in the section of the page.

Lists of sources are selected/defined in . Their associated tags are included within with an operation of "Deny".

Lists of sources are selected/defined in . Their associated tags are included within with an operation of "Allow" or "Bypass".

Some settings are in ; others are in . .

Done within the .

Review your to ensure they are correct.

You can use tools such as .

Generate traffic to your site, and verify that it is being displayed in the . For more in-depth traffic inspection, you can use the . If SSL traffic is used, use your web browser to validate that the right certificate is being used.

Both the Dashboard and View Log include a Query box to filter their displays. Here's .

As traffic is processed by Reblaze, review the Dashboard (and ideally, the View Log) to see the decisions that are being made. Optimize Reblaze until it is performing as expected. Once you are satisfied with Reblaze's traffic scrubbing, .

Reblaze's logs are a rich source of insights into incoming traffic. Highly recommended reading:

Getting Started
move your application(s) from Report mode to Active mode
Cloud Functions
Backend Services
Web Proxy
More info
Mobile SDK
ACL Policy
WAF/IPS Policy
Session Profiling
ACL Policies
Session Profiling
ACL Policies
Planet Overview
account settings
https://dnschecker.org/
Dashboard
View Log
how to use the Reblaze Query Box
Understanding and Diagnosing Traffic Issues.
enable Passive Challenges
Web Proxy
Dynamic Rules
More info about this
here
Security Profiles
Advanced Frontend Settings
Getting Started
disable Active Challenges