You are on page 1of 20

DOSarrest Security Services

(DSS) Version 4.0

DOSarrest DSS User Guide


The DSS is the main customer portal where customers can view and manipulate traffic statistics from a
wide variety of variables that are available in real-time. This is also where customers can view, create
and modify their configuration(s) as well as create tickets, user accounts and view the in house
knowledge base.

Should you require any assistance, we are always here to help.

Need a hand?
UK Free Phone 0800 086 8812
CA/US Toll Free 1.888.818.1344
Singapore Toll Free 1.800.101.1796
24/7 Email support support@dosarrest.com
Table of Contents
Status Codes & Connection States ........... 11
1) DSS at A Glance .................................. 2
Cache Statuses ......................................... 12

2) Getting Started ................................... 3


6) Configuration .................................... 13
Important Terms ........................................ 3
Uploading an SSL Certificate .................... 13
Logging In ................................................... 3
Add and Edit URI ...................................... 14
Retrieving your Password .......................... 4
Purge Cache ............................................. 14
Changing & Verifying your Admin email .... 4
Adding a Domain ...................................... 15
Updating Your Timezone ........................... 4
Removing A Domain ................................. 15
Adding an Origin ....................................... 15
3) The Basics ........................................... 4
Changing your Password ............................ 4
7) Tickets .............................................. 16
Adding a Graph to the Dashboard ............. 4
Submitting a New Ticket .......................... 16
Submitting a Ticket .................................... 5
Email Notifications ................................... 17
Viewing a Ticket ......................................... 5
Viewing a Ticket ....................................... 17
Uploading an SSL Certificate ..................... 6
Updating Ticket Status ............................. 17
Responding to an Open Ticket ................. 17
4) Dashboard .......................................... 6
Closing a Ticket ......................................... 17
Default Dashboard .................................... 6
Adding and Removing Participants .......... 17
Dashboard Settings .................................. 6
Removing Graphs from the Dashboard .... 6
8) Knowledge Base ................................ 18

5) Dashboard Graphs .............................. 6


9) Sub-accounts .................................... 18
Blocked Events ........................................... 6
How to add a sub-account ....................... 18
Bandwidth & Connections ......................... 7
How to add access & permissions to sub-
FAQ: Connections Graph & Events ............ 8
account ..................................................... 18
Top Country ................................................ 8
How to change password / email / timezone
Birds Eye, Top URLs, and Top Referers ..... 9 for sub-account ........................................ 18
Visitor ISP and WAF Events ...................... 10 10) Attacks ........................................... 19

1| www.DOSarrest.com
1 DSS at a Glance

1. Event Logs: WAF and web log reporting


2. Origins: Add origins, load balancing options, configure CNAMES, and add virtual
webservers.
3. Configurations: Upload SSL certificates, create URIs, add security features, enable
caching, and purge cache.
4. Accounts: Add user/sub accounts and permissions.
5. Graphs: 13 graphs total, 9 graphs displayed by default:
1. Blocked Events 6. Bird's Eye 11. Status Codes
2. Bandwidth 7. Top URLs 12. Connection States
3. Connections 8. Top Referers 13. Cache statuses
4. Events 9. Visitor ISP
5. Top Country 10. WAF Events (Only if you have WAF enabled)
6. Settings: Edits your password, email, and timezone
7. Logout

2| www.DOSarrest.com
2 Getting Started
IMPORTANT TERMS
VIP: Virtual IP This is the assigned IP from DOSarrest service that your visitors will see.
Origin IP: This is your servers IP. Also known as the Upstream IP.
DSS: DOSarrest Security Services. This is the name of the customer portal.
CV (Client Validation): A security tool to test if visitors are real users.
URIs/URI System: Uniform Resource Identifier A specific location on the website.
For example: / is example.org, /blogs is example.org/blogs, and etc.
Origin Pool: The list of servers you control that we pass clean traffic to.

LOGGING IN

Primary account login


1. Go to http://dss.dosarrest.com
2. Enter your Username and Password.
3. Click Sign in.

Sub-account login
1. Go to http://dss.dosarrest.com
2. Click on underneath Username.
3. Enter Sub-account Username in the Username field, Primary account name on the
Customer Name Field, and password.
4. Click Sign in.

3| www.DOSarrest.com
RETRIEVING YOUR PASSWORD
Click on the on the login form.

You can also send an email directly to our 24/7 support team at support@dosarrest.com to
have your password reset.

CHANGING and VERIFYING YOUR ADMIN EMAIL


To verify and change your admin email, go to the Settings tab on the top right hand corner.
Edit the fields as desired and click Save. If youre logging into the DSS for the first time you
should consider changing the password for security.

UPDATING YOUR TIMEZONE


Go to the Settings tab click on the dropdown menu on Timezone and select from your
desired time zone. Once completed, click Save

3 The Basics
CHANGING YOUR PASSWORD
Go to the Settings tab and enter your new password in the Password field. Enter it again in
the Confirm Password field and click Save.

ADDING A GRAPH TO THE DASHBOARD


Go to click on the dropdown menu GRAPHS: Here you can select from 13
graphs.
Default Setting: Displays 9 graphs: Blocked Events, Bandwidth, Connections, Events, Top
Country, Bird's Eye, Top URLs, Top Referers, and Visitor ISP

4| www.DOSarrest.com
SUBMITTING A TICKET
Go to , click on Open New Ticket. Use the dropdown menus to define your tickets
Type, Priority level, Subject and Description. Add attachments if you have them, and click
Save.

VIEWING A TICKET
Go to . This screen will be filtered by default All. You can filter the tickets
accordingly from the dropdown menus, Status (All, New, Open, Closed, and Resolved), Priority
(All, Low, Medium, High, and Emergency) and Type (All, Problem, Question, Feature). Click on

the ticket you want to read. Click on to expand and view the conversation.

UPLOADING AN SSL CERTIFICATE


SSL upload is accessed by going to , select your VIP.
Checkmark HTTPS under the General tab beside Protocols

The SSL upload window will appear once the HTTPS box is checked. Here you can upload or
copy and paste your SSL cert and key in the field box. If your file is in PEM or P12/PFX format,
click on you can choose from the PEM or P12/PFX tab and upload the SSL
certificate and SSL security key files as directed. Enter your SSL password twice and click
Upload.

Click on to verify the cert and keys match. If it is a successful match you will
receive the following message Save once done.
There will be a red bar on the top of the browser,
click on it to commit the changes, and youll
receive an email confirmation/notification once the update has been applied and is active.

You can also have our 24/7 support team upload the SSL certificate. Send an email to our 24/7
support team at support@DOSarrest.com and youll receive a response within 10-15 minutes.

5| www.DOSarrest.com
4 Dashboard
The dashboard and reporting tools can be customized for anyone who seeks a high level of
control over their data and how it is displayed.

DEFAULT DASHBOARD
When you first log into the DSS, the Dashboard will be the default tab. By default there will be
nine graphs disaplayed: Blocked Events, Bandwidth, Connections, Events, Top Country, Bird's
Eye, Top URLs, Top Referers, and Visitor ISP.

DASHBOARD SETTINGS
You can configure how your dashboard functions by selecting the VIP on the top left corner,
Locations, Timescale Picker, Auto-Refresh, and Graphs on the dropdown menus.

REMOVING GRAPHS FROM THE DASHBOARD


To remove a graph from the dashboard, while viewing the dashboard, unselect/check from the
Graphs dropdown menu.

5 Dashboard Graphs
BLOCKED EVENTS

6| www.DOSarrest.com
BANDWIDTH

CONNECTIONS

7| www.DOSarrest.com
FAQ: Connections Graph

Why are my VIP connections so high and my origin connections so low?


It is important to understand that there is no association between VIP and origin connections. To understand
this you need to know four important points:
The numbers in the graph are sampled connections, meaning we count them every second. Any
connections that begin and finish between samples are not counted.
VIP and Origin connections can be either HTTP 1.0 or 1.1, depending on the configuration. By default
HTTP 1.0 and 1.1 are used on the VIP-visitor side, while typically only HTTP 1.0 is used on the
Origin side (though this can be enabled if needed).
HTTP 1.1 connections are typically much longer-lasting, and therefore pretty much always get
counted.
HTTP 1.0 connections very often time-out and therefore will not be sampled within the 1 second
timeframe.
This is to say that VIP connections are almost always higher than origin connections and that it does not
necessarily mean that there is an attack. This information should be used to note trends in your total
connections rather than comparing the information between the two graphs.

EVENTS

TOP COUNTRY

8| www.DOSarrest.com
BIRDS EYE

TOP URLs

TOP REFERERS

9| www.DOSarrest.com
VISITOR ISP

WAF EVENTS (Data available only if you have WAF enabled)

10| www.DOSarrest.com
STATUS CODES

Displays the HTTP status code from the web server. Common examples:

Good
200 OK Web page is served without issue.
301 or 302 SEO redirects which seamlessly direct customers to new locations of
pages.
Bad
404 Requesting a page which does not exist.
461 Unsupported transport.

CONNECTION STATES

When transferring information across the Internet the connection will go through multiple
transmission control protocol (TCP) states. This graph displays the TCP state a connection is in
between an end user and the origin IP or VIP.
SYN SENT - (client) initiates communication with server.
SYN RECV (server) follows SYN SENT (handshake).
ESTABLISHED (server and client) handshake is complete and servers are able to
exchange information.

11| www.DOSarrest.com
FIN WAIT 1 (server and client) represents waiting for an acknowledgment of the
connection termination request previously sent.
FIN WAIT 2 (server and client) waiting for a connection termination request from the
remote client.
CLOSE WAIT (server and client) when a server has finished sending information
<waiting <waiting for a connection termination request from the local user>
CLOSING (server and client) waiting for a connection termination request
acknowledgement from the remote TCP.
LAST ACK (server and client) session is open but no data is being transferred. Waiting
for acknowledgement of the connection termination request.
CLOSED response sent to a CloseWait state, which terminates the connection. No
connection state at all.
TIMEWAIT (server or client) connection was not cleanly closed.
The connection will automatically close after a timeout period.

CACHE STATUSES

Displays the caching servers response to a visitors request:


Hit: the information was requested before the stale date. The content was cached and
not stale and so was provided to the visitor without referring to the origin server.
Miss: the content was not cached, and therefore the request was referred back to the
origin server. This information will be cached and so will respond as a hit the next time it
is requested.
Expired: the content was cached but has since become stale so the request was referred
back to the origin server. This information will be cached and respond as a hit the next
time.
Not Cached: the content was marked as private and not cacheable. These requests are
referred back to the origin server.

12| www.DOSarrest.com
6 Configuration
IMPORTANT NOTE
When you make any changes in Configuration, they do NOT take effect immediately, even
when you click Save or Submit. DOSarrests support team quickly does a review to
ensure the changes wont negatively impact your service or level of protection, and then
the changes are applied. You will be notified once they changes are live, or if there are any
issues you need to be aware of, usually within 5 minutes.

UPLOADING AN SSL CERTIFICATE


Go to , select the VIP you want to update the SSL certificate for in the list.
Checkmark HTTPS under the General tab beside Protocols

The SSL upload window will appear once the HTTPS box is checked. Here you can upload or
copy and paste your SSL cert and key in the field box.

If your file is in PEM format, click make sure the PEM Format tab is selected
and upload the SSL certificate and SSL security key files as directed. Enter your SSL password
twice and click Upload. Alternately, you can copy and paste the text from the file into the text
field. In all cases, the new information saved will overwrite the old information.

If your file is in P12 or PFX format make sure the P12/PFX Format tab is selected and upload the
SSL certificate file. Enter your SSL password twice and click Upload.

Alternately, you can copy and paste the text from the SSL certificate file into the text field. In all
cases, the new information saved will overwrite the old information, however nothing will be
permanently altered until the support team reviews the change and applies it (usually within 10
minutes).

13| www.DOSarrest.com
This performs a mathematical verification of the certificate / key pair to
ensure they match correctly. If there is an error you will be notified of a mismatch and will not
be able to continue. If there are no errors then you will be given a success message.

Press Save once done. There will be a red bar on the top of the browser,
click on it to commit the changes, and youll
receive an email confirmation/notification once the update has been applied and is active.

You can also have our 24/7 support team upload the SSL certificate. Send an email to our 24/7
support team at support@DOSarrest.com and youll receive a response within 10-15 minutes.

ADD AND EDIT URI


Go to , select the VIP you want to add a URI to.

Click a window will appear (image below). Enter the URI and choose from the desired
dropdown menus. Check Cache Enabled to customize caching.
To edit the URI, click on the URI from the list. Youll be redirected to a page with

, select the tab accordingly to what you need.


Click Save once completed.

PURGE CACHE
Go to , select the URI you want to purge cache. Click , a window
will appear to re-confirm you want to Purge Cache as this operation is irreversible and all
cached elements will be permanently deleted. Click to confirm, once it reaches 100%
it is completed.

14| www.DOSarrest.com
ADDING A DOMAIN
Go to , select the VIP then click on the tab. Press a window
will appear for you to input the name of the domain you wish to add, select whether it uses
HTTP, HTTPS or both. Once completed press Save
If you selected HTTPS then at this point youll need to upload the SSL certificate. See Uploading
an SSL Certificate for detailed instructions. If you dont, your HTTPS wont function correctly.

A red bar on the top will appear for you to commit the change.

You will receive an email notification once the update has been applied.

REMOVING A DOMAIN
Go to Configuration, select the VIP then click on the Domains tab and select the domain you
wish to remove from the list. Click the Delete button and Yes to confirm.

ADDING AN ORIGIN
Go to and click on . New Origin popup window will appear, fill in the Origin
IP, Port (80 or 443), and Protocol (HTTP or HTTPS).

15| www.DOSarrest.com
7 Tickets
We pride ourselves on having the most responsive and knowledgeable support team in the
business. Our security engineers answer every phone call or respond to every request within 10
minutes, and usually much faster. 24/7/365. No matter what.

Support tickets are viewed immediately and responded to with the same urgency as a phone
call. You are encouraged to use the ticketing system as it is the most effective method of
tracking ticket history and also provides security engineers with the background information
they need to quickly understand and resolve issues.

SUBMITTING A NEW TICKET


Go to Tickets and click on the Open New Ticket button. All of the fields in the form are
required.
Select Type In the dropdown menu choose whether your ticket is about a Problem, Question
or Feature.
Select Priority Use the dropdown menu to choose whether your ticket is Low, Medium, High
or Emergency (only select this if your site is currently down).
Summary Summarize what your ticket is about.
Description Describe what your ticket is about in as much detail as possible.
Add an attachment Upload screen shots or other relevant files by clicking the Add
Attachment button and browsing for the file.
Click Save to complete the submission.
You will receive this message once the ticket is
successfully submitted

16| www.DOSarrest.com
EMAIL NOTIFICATIONS
When a support ticket is opened via the DSS panel an email with the ticket details will be sent
to all participants. Also, when an update to a ticket is made via the DSS an email will get sent to
the participants. Customer can reply to the email and it will be automatically processed by the
DSS and the customers response will be added to the ticket. These emails will come from the
email address support@dosarrest.com. Please white-list this email addresses so that your email
server doesnt block email addresses from it.

VIEWING A TICKET
Go to Tickets. This screen will be set by default to ALL on the menus. You can choose to filter
the drop-down menus by Status (new, open, closed, and resolved), Priority (emergency, high,
medium, and low) and Type (problem, question, and feature). Click on the ticket you want to
read. You can click the + to expand and view each portion of the conversation.

UPDATING TICKET STATUS


Go to Tickets, click on the ticket you want to update. Choose the dropdown menu (Status, Type,
or Priority) you want to update your ticket with, select the new status. A bar will appear below
for you to click Update Ticket Status

RESPONDING TO AN OPEN TICKET


Go to Tickets and click on a ticket you want to response to. Click on the Add Comment
button. Fill out the form and click send. This will send an email to all participants (your own
account as well as support). Support reviews all emails immediately.

CLOSING A TICKET
Go to Tickets, click on the ticket you want to close. Click on the Status dropdown menu and
choose Closed or Resolved to close the ticket. A bar will appear below for you to click
Update Ticket Status, click on it to close your ticket.

ADDING AND REMOVING PARTICIPANTS


Go to Tickets, click on the ticket you want to close. Click on the Participants tab beside the
Communications tab. Press Add Participant then add the Email and click Save. To remove a
participant, click Delete and press Yes to confirm removal.

17| www.DOSarrest.com
8 Knowledge Base
The knowledge base is an in house section which contains information regarding DOSarrests
services with a number of helpful tips and tricks and troubleshooting information.
It is organized is categories or subjects, clicking on the will expand all the articles in that
category.

9 Sub-accounts
Here you can create sub-accounts for staff members or clients. You can customize their access
and permissions for VIPs from view only to being able to make updates on the account.

HOW TO ADD A SUB-ACCOUNT


Go to Accounts then click Add Account, fill in all the fields and click Save.

HOW TO ADD ACCESS AND PERMISSIONS TO SUB-ACCOUNT


Go to Accounts then click on the account you want to add access to.
Click on the Modules tab, here you can grant access to Configuration and Tickets to the sub-
account user. Click on the VIPs tab, click on Add VIP then select the VIP from the dropdown
menu. Select their permissions to View, Update, and Remove for the VIP. Click Save once
done.

HOW TO CHANGE PASSWORD/EMAIL/TIMEZONE FOR SUB-ACCOUNT


Go to Accounts then click on the account you want to change the password, email, or
timeline. Youll be brought to the Generals tab by default; here you can change the password,
email, and timezone. Click Save when the changes are made.

18| www.DOSarrest.com
10 Attacks

Due to the nature of DDoS attacks and the myriad of ways they can be launched, there is no
one way for determining when there is an attack. However, as a general rule, customers can
review VIP versus Origin Bandwidth and/or Connections against each other, where a sudden
increase on the VIP side can be seen as an attack, and the efficacy of the DOSarrest solution
determined by how much of that sudden increase is seen at origin.

19| www.DOSarrest.com