We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Active DDoS Prevention

Setting Up Barracuda Active DDoS Prevention

  • Last updated on

Follow these steps to set up Barracuda Active DDoS Prevention.

A. Access the Barracuda Active DDoS Prevention Management Console

To access the Barracuda Active DDoS Prevention Management Console:

  1. Log into the Barracuda Web Application Firewall and navigate to the BASIC > Dashboard page.

  2. Scroll down to the DDoS Prevention Service pane.
    DDoSpane.png

  3. For Connectivity to DDoS Prevention Service, select Enable. When prompted, confirm that you want to enable the connection. When you receive the success message, click OK.

  4. In the DDoS Prevention Service pane, click Manage DDoS Prevention Service.

The Web Application Firewall Services page of Barracuda Active DDoS Prevention displays.

B. Set Up DDoS Prevention

For background information on the architecture of a service that uses the Barracuda Active DDoS Prevention, refer to Understanding Service Architecture with Barracuda Active DDoS Prevention.

Before you begin:

On the Web Application Firewall Services page of Barracuda Active DDoS Prevention, find the service you want to protect and click Set Up DDoS Prevention.

WAFservices.png

To set up DDoS prevention on a service:

  1. Hostnames: Enter all possible DNS domains your users will use to access this service, including different forms, like www.example.com and example.com. Click Continue.
    1.setup.png

  2. Backend IP Address: Enter the Backend IP Address for your service. This is typically the Virtual IP Address defined for this service on your Web Application Firewall. Refer to Understanding Service Architecture with Barracuda Active DDoS Prevention for additional details.
    2.setupBackendIP.png

  3. Click Test Connection to ensure that Barracuda can connect to the Backend IP Address you specified.

  4. Modify DNS: Copy each line of information provided so you can change your DNS A records through your hosting provider. If you use the Click to Copy link, the new A record value is copied to your clipboard, so you can paste it directly into your service provider’s interface in the next step. Click Done.
    3.changeArecords.png

If you have more than one A record to change, you might want to keep this window open and open a new window for the next step, so you can copy between the two windows.

 

C. Change A Records through your Domain Provider

Go to your domain provider’s DNS management portal to change the A records you obtained in the previous step. Changing your DNS A records to point to your service’s Service IP Address will redirect all of your web application traffic to Barracuda’s Cloud Scrubbing Centers.

Reach out to your domain provider directly with any questions.

For your convenience, here is a list of popular domain provider knowledgebase entries to help you change your DNS A records.

Note that these sites were current at time of publication and are not affiliated with Barracuda Networks.

You can also find the service IP Address in the Barracuda Active DDoS Prevention Management Console, by selecting Settings, then Basic.

D. Change Origin IP

Change your IP range so historical DNS lookups do not expose your origin IP, allowing an attacker to bypass Barracuda Active DDoS Prevention. In addition, be sure you do not expose your origin IP in other DNS records, such as your MX (mail server) records.

Once you change your DNS records, traffic will automatically flow to the Barracuda Cloud Scrubbing Center. Remember that DNS records are public domain, and there are many places where historical records are archived. These historical DNS records will likely contain your original IP from before you activated Barracuda Active DDoS Protection. Therefore, Barracuda recommends that once you activate Barracuda Active DDoS Protection, you change your IP range so a historical DNS lookup does not expose your origin IP. This could allow an attacker to bypass the Barracuda Cloud Scrubbing Center and attack your network infrastructure directly.

If you are using the Barracuda Email Security Gateway, you can use its Cloud Protection Layer feature to prevent your MX records from being exposed. Refer to How to Set Up Your Cloud Protection Layer in the Barracuda Email Security Gateway documentation for more information. 

 

 

 

Last updated on