Secure Your Defense-in-Depth Strategy To Combat Layer 7 DDoS Attacks

Qualys

Last updated on: August 21, 2023

Qualys’ security team has observed a rapid increase in volumetric application-layer attacks on our services due to changing threat landscapes. Our security team constantly updates and enhances its defense-in-depth strategy in response to such volumetric and evolving threats.

To combat layer 7 DDoS (Distributed Denial of Service), we are adding another layer of protection beyond our perimeter, capable of handling TBs of volumetric attacks and improving the overall availability and security of our cloud platform and services. Moreover, this enhancement will allow Qualys’ security team to prevent future service disruptions.

When this enhancement goes live, you will need to do the following to access the cloud platform. These IP addresses must be whitelisted on your proxy, web gateway, or firewall:

162.159.152.21 and 162.159.153.243

During this transition of previous pod URLs under the Cloudflare L7 protection, our security/NOC teams are closely monitoring the customer traffic. Our NOC team has noticed a few of our customers are using the legacy methods for API calls (e.g., https://qualysguard.qg2.apps.qualys.com/api/2.0/fo/asset/host/vm/detection) rather than dedicated Qualys API endpoints (e.g., https://qualysapi.qg2.apps.qualys.com/api/2.0/fo/asset/host/vm/detection) which might result in API response failure post migration to Cloudflare.

Note: This change is applicable for both API v 1.0 and API v 2.0

Qualys recommends customers to use dedicated Qualys API endpoints for all API use cases. Please refer below mentioned links from our documentation.

The phased rollout of enhancements across our PODs has been extended to give customers more time to make the needed changes. We apologize for any inconvenience and new rollout dates are listed below in the table. We appreciate your patience as we aim to improve our services and provide the best possible customer experience.

Should you need more insights, refer to these commonly asked questions.

Here is where you can check your POD status: https://status.qualys.com/

POD NameRelease DateExpected Implementation Date
UK POD 01 22-May-23 03:00 AM – 05:00 AM UTC 
AE POD 01 29-May-23 04:00 PM – 06:00 PM UTC 
IN POD 01 05-Jun-23 03:00 PM – 05:00 PM UTC 
US POD 03 12-Jun-23 06:00 AM – 08:00 AM UTC 
US POD 02 13-Jul-23 06:00 AM – 08:00 AM UTC 
US POD 01 13-Jul-23 06:00 AM – 08:00 AM UTC 
CA POD 01 24-Jul-23 06:00 AM – 08:00 AM UTC  
EU POD 02 31-Jul-23 03:00 AM – 05:00 AM UTC 
EU POD 01 7-Aug-23 03:00 AM – 05:00 AM UTC  
AU POD 01 14-Aug-23 04:00 PM – 06:00 PM UTC 
KSA POD 01 05-Sep-23 04:00 PM – 06:00 PM UTC 

If you need any further assistance, please do not hesitate to contact our support team via the support channel.

Show Comments (6)

Comments

Your email address will not be published. Required fields are marked *

  1. Are you going to release guidance on how this will actually work? It’s my understanding of Cloudflare that your customers shouldn’t have to make any changes with you utilizing their services. Is this change just impacting users of the UI and / or API or does it impact Agents as well?

  2. What is the impact to customers if we don’t do this? Would this block agents from connecting to the cloud? Will it block GUI access? What about 3rd party integrations? Please explain this better so we can justify the change control on our end.

  3. Agree with others, various components “access the cloud platform”, whether it be my browser to access the UI, API calls, agents etc etc. I too would like to know more about what in particular will be impacted. Thanks