Did you know that the hacker behind the Mirai Botnet attack – the biggest DDoS attack in history so far – had to repay $8.6 million in damages?
If you didn’t, you know now. But realizing that someone will be held accountable for your possible financial losses doesn’t provide a sense of security, which is a key goal of every ecommerce business. And, by extension, a major consideration here at Amasty.
We’re always coming up with innovative solutions to offer our customers the highest possible level of safety and confidence. And this time, we’ve rolled out a powerful improvement to our top-selling Elastic Search extension – an anti-DDoS protection feature for automated IP blocking.
How Amasty’s Search Protects You Against DDoS Attacks
In essence, any DDoS attack is about flooding a server with excessive, malicious requests. Overwhelmed, a server shows sluggish performance, suffers from errors or timeouts, and can even crash entirely, making a website fully unavailable.
To address these dangers, Amasty now lets every user of Elastic (or Advanced) Search easily set a limit number of search requests for a certain timeframe. If a specific IP address exceeds this limit and keeps trying to access your website, it will be automatically blocked on a reasonable suspicion of being malicious.
More Benefits of Amasty’s Improved Search
Automatically blocking IP addresses that exceed search request limits is a sure way to prevent your server from being taken down. But there’s more to our improvement than just securing against DDoS. Here’s what else you get:
Advanced security enhancement
Search requests limits safeguard your ecommerce solution from all types of cyberattacks that involve sending a large volume of requests. This means that you can effectively deter fraudsters who try repetitive actions like data scraping for stealing sensitive information.
Reduced server costs
A high volume of requests consumes server resources and bandwidth, which can dramatically increase your server costs. Enforcing search request limits will help you optimize the use of your server resources and pay only for the genuine traffic loads.
Improved user experience
While malicious users have a twisted kind of fun by attacking websites, real customers experience understandable frustrations as they can’t find what they need or even fail to access a website at all. By preventing system overloads, you can guarantee stable access, fast response times, and smooth service.
How to Activate Request Limits in Amasty’s Search Extensions
In your ‘Module Configuration’ settings in the admin panel, you can now notice a new tab called ‘Search Requests Limitation’.
Mind that the settings in this tab have global scope and are shared across your entire Magento installation. Let’s see how to set up automatic IP blocking here:
- Click on the arrow on the right to view all the settings in the tab.
- In the ‘Block Requests from One IP Address’ dropdown menu, choose ‘Yes’ to activate the auto-blocking feature.
- In ‘Requests Number’ below, set the maximum number of requests a single IP address can send during a set period of time.
- Now, set this period of time in ‘Period in Minutes’.
- Click ‘Save Config’ to have the settings applied.
And you’re all set – your search extension will now automatically block each IP address that exceeds the parameters you’ve set.
On a Final Note: Recommended Request Limit Parameters
Amasty's team generally recommends setting the maximum number of requests to around 5 per 1 minute. This would allow for a reasonable number of search requests while still providing a level of protection against abuse and DDoS attacks.
Still, this is a general recommendation. Your parameters should reflect your specific circumstances and can be different. Consider your website's traffic, analyze user behavior, and make adjustments to the rate limit parameters accordingly. We also advise reviewing the rate limits once a month to make sure you keep striking the right balance between security and user experience for your online store.
Amasty's Elastic Search Extension
Secure your website against cyber attacks and deliver top-notch user experience!