Secure Your Defense-in-Depth Strategy To Combat Layer 7 DDoS Attacks
Last updated on: March 22, 2023
Qualys’ security team has observed a rapid increase in volumetric application-layer attacks on our services due to changing threat landscapes. Our security team constantly updates and enhances its defense-in-depth strategy in response to such volumetric and evolving threats.
To combat layer 7 DDoS (Distributed Denial of Service), we are adding another layer of protection beyond our perimeter, capable of handling TBs of volumetric attacks and improving the overall availability and security of our cloud platform and services. Moreover, this enhancement will allow Qualys’ security team to prevent future service disruptions.
When this enhancement goes live, you’ll need to do the following to access the cloud platform:
These IP addresses must be whitelisted on your proxy, web gateway, or firewall:
162.159.152.21 and 162.159.153.243
As per the schedule below, the enhancements will be rolled out phase by phase across pods (data centers). You will receive an email from Qualys before your POD is enhanced.
Need more insights? Please refer to the commonly asked questions.
Here is where you can check your POD status: https://status.qualys.com/
POD Name | Release Date | Expected Implementation Time |
---|---|---|
US POD 03 | 7-Apr-23 | 06:00 AM – 08:00 AM UTC |
US POD 02 | 10-Apr-23 | 06:00 AM – 08:00 AM UTC |
US POD 01 | 17-Apr-23 | 06:00 AM – 08:00 AM UTC |
CA1 POD | 24-Apr-23 | 06:00 AM – 08:00 AM UTC |
EU2 POD 2 | 2-May-23 | 03:00 AM – 05:00 AM UTC |
EU1 POD 1 | 8-May-23 | 03:00 AM – 05:00 AM UTC |
AE1 POD | 15-May-23 | 16:00 PM – 18:00 PM UTC |
AU1 POD | 22-May-23 | 16:00 PM – 18:00 PM UTC |
UK1 POD | 30-May-23 | 19:00 PM – 21:00 PM UTC |
IN01 POD | 5-Jun-23 | 15:00 PM – 17:00 PM UTC |
Are you going to release guidance on how this will actually work? It’s my understanding of Cloudflare that your customers shouldn’t have to make any changes with you utilizing their services. Is this change just impacting users of the UI and / or API or does it impact Agents as well?
What is the impact to customers if we don’t do this? Would this block agents from connecting to the cloud? Will it block GUI access? What about 3rd party integrations? Please explain this better so we can justify the change control on our end.
Must they be whitelisted for all ports and for TCP and UDP? Any other protocols?
More information is required, please. What ports, protocols, direction?