Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services
Docs/Cloud Scrubbing

Cloud Scrubbing Integrations

Auto-divert traffic to upstream scrubbing providers when attacks are detected

Cloud scrubbing integrations require admin or owner role. They work independently of firewall rules - you can use both together.

Overview

Cloud scrubbing integrations connect Flowtriq to upstream DDoS mitigation providers. When an attack is detected, Flowtriq calls the provider's API to activate traffic scrubbing. When the attack resolves, scrubbing is automatically deactivated and direct routing resumes.

This is different from firewall rules (which run firewall commands on your server). Cloud scrubbing diverts traffic at the network level before it reaches your infrastructure.

Supported Providers

ProviderMechanismCostBest For
Cloudflare Magic TransitBGP prefix advertisement via APIOn-demand pricing (pay only during attacks)Any infrastructure with /24+ IP space
OVH DDoS ProtectionPermanent mitigation mode toggle via APIFree (included with all OVH dedicated servers)Game servers and apps hosted on OVH/SoYouStart
Hetzner FirewallHardware firewall activation via Robot APIFree (included with all Hetzner dedicated servers)Apps hosted on Hetzner dedicated servers

Setup: Cloudflare Magic Transit

Prerequisites

  • A Cloudflare account with Magic Transit enabled
  • At least one IP prefix (/24 or larger) configured in Cloudflare
  • An API token with Account:IP Prefixes:Edit and Account:Magic Transit:Edit scopes

Configuration Steps

  1. Go to Dashboard → Integrations
  2. Select Cloudflare Magic Transit (Scrubbing) from the type dropdown
  3. Enter your API Token, Account ID, and Prefix ID
  4. Enable Auto-divert to automatically announce the prefix when attacks are detected
  5. Click Add Integration
  6. Use the Test button to verify credentials and prefix access

Finding Your Prefix ID

After adding the integration, click Test - the response will show how many prefixes are on your account. To get specific prefix IDs, use the Cloudflare API:

curl -X GET "https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefixes" \
  -H "Authorization: Bearer {api_token}" \
  -H "Content-Type: application/json"

How It Works

  1. Flowtriq detects an attack on one of your nodes
  2. Flowtriq calls PATCH /accounts/{id}/addressing/prefixes/{prefix_id}/bgp/statuses with {"advertised": true}
  3. Cloudflare begins advertising your prefix via BGP (convergence takes 30-90 seconds)
  4. Traffic is routed through Cloudflare's scrubbing network
  5. When the incident resolves, Flowtriq withdraws the prefix ({"advertised": false})
  6. Direct routing resumes
Important: BGP convergence is not instant. After Flowtriq announces the prefix, it typically takes 30-90 seconds for global routing to update. During this window, attack traffic may still reach your infrastructure.

Setup: OVH DDoS Protection

Prerequisites

  • An OVH, SoYouStart, or Kimsufi dedicated server
  • OVH API credentials (Application Key, Application Secret, Consumer Key)

Getting API Credentials

  1. Go to api.ovh.com/createToken
  2. Set the validity period (unlimited recommended)
  3. Add these access rules:
    • GET /ip/*
    • POST /ip/*/mitigation
    • DELETE /ip/*/mitigation/*
    • GET /ip/*/mitigation/*
  4. Save the Application Key, Application Secret, and Consumer Key

Configuration Steps

  1. Go to Dashboard → Integrations
  2. Select OVH DDoS Protection (Scrubbing)
  3. Enter your Application Key, Application Secret, Consumer Key
  4. Select your API endpoint (EU, CA, or US)
  5. Enter the IP address to protect
  6. Enable Auto-mitigate for automatic activation

How It Works

OVH already has built-in DDoS detection, but it operates on a higher threshold and slower detection cycle. Flowtriq detects attacks faster and can force-enable OVH's "permanent mitigation" mode via API, which applies stricter filtering to your IP.

  • On attack: POST /ip/{ip}/mitigation with {"ipOnMitigation": "{ip}"}
  • On resolution: DELETE /ip/{ip}/mitigation/{ip} (restores auto mode)

Setup: Hetzner Firewall

Prerequisites

  • A Hetzner dedicated server with firewall configured in the Robot panel
  • Robot API credentials (separate from Hetzner Cloud API)

Getting Robot API Credentials

  1. Log in to robot.your-server.de/preferences
  2. Under Webservice access, create a new login
  3. Save the username (format: #ws+xxxxx) and password

Important: Configure Firewall Rules First

Flowtriq activates/deactivates the Hetzner firewall - it does not create rules. You must configure your firewall rules in the Hetzner Robot panel before enabling this integration. When Flowtriq detects an attack, it sets status=active; when the attack resolves, it sets status=disabled.

Configuration Steps

  1. Configure firewall rules in the Hetzner Robot panel (Firewall tab for your server)
  2. Go to Dashboard → Integrations
  3. Select Hetzner Firewall (Scrubbing)
  4. Enter your Robot login, password, and server IP
  5. Enable Auto-activate firewall

Manual Controls

Each scrubbing integration has manual control buttons in the integrations list:

  • Test - Verify API credentials and connectivity
  • Activate - Manually start scrubbing (announce prefix / enable mitigation / activate firewall)
  • Withdraw - Manually stop scrubbing (withdraw prefix / disable mitigation / deactivate firewall)

Auto-Withdraw Safety

When an incident resolves, Flowtriq checks if there are other active incidents for the same workspace before withdrawing. If multiple attacks are in progress, scrubbing stays active until all incidents resolve. This prevents flapping where scrubbing is withdrawn during a brief lull in a multi-wave attack.

Combining with Firewall Rules

Cloud scrubbing and firewall rules serve different purposes and work well together:

FeatureFirewall RulesCloud Scrubbing
Where it actsOn your server (via agent)Upstream (via provider API)
Response time< 1 second1-90 seconds (depends on provider)
Handles volumetric floodsLimited (link can still saturate)Yes (traffic diverted before reaching you)
Handles application-layerYes (iptables, nftables, etc.)Depends on provider

Recommended setup: Use firewall rules for immediate local protection (iptables rate limiting, protocol drops), BGP mitigation for network-level FlowSpec/RTBH at your border routers, and cloud scrubbing for upstream volumetric protection. All three trigger automatically on the same incident.