Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services
Docs/Webhooks

Webhook Reference

When you configure a Webhook notification channel, Flowtriq sends HTTP POST requests to your URL on every incident event.

Event Types

EventTrigger
attack_startNew incident opened - attack detected
attack_updateOngoing attack - peak PPS/BPS updated
attack_endAttack resolved (manual or auto)
testManual test from the dashboard

Payload Format

// POST to your webhook URL // Content-Type: application/json // X-Flowtriq-Signature: sha256=abc123... { "event_type": "attack_start", "timestamp": "2025-03-10T14:22:00Z", "incident": { "id": 147, "uuid": "d4e5f6a7-b8c9-...", "title": "UDP Flood on web-prod-1", "attack_family": "udp_flood", "severity": "critical", "peak_pps": 2450000, "peak_bps": 1547000000, "source_ip_count": 8429, "started_at": "2025-03-10T14:22:00Z", "ai_summary": "A large 1.4 Gbps UDP flood from 8,429 source IPs...", "dashboard_url": "https://flowtriq.com/dashboard/incident?id=147" }, "node": { "id": 1, "name": "web-prod-1", "ip_address": "203.0.113.10" } }

HMAC-SHA256 Signature Verification

If you set a webhook secret, Flowtriq signs every payload with HMAC-SHA256. The signature is in the X-Flowtriq-Signature header.

Python

import hmac, hashlib def verify_signature(payload_body, signature_header, secret): expected = 'sha256=' + hmac.new( secret.encode(), payload_body, hashlib.sha256 ).hexdigest() return hmac.compare_digest(expected, signature_header)

Node.js

const crypto = require('crypto'); function verifySignature(body, signatureHeader, secret) { const expected = 'sha256=' + crypto .createHmac('sha256', secret) .update(body) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(expected), Buffer.from(signatureHeader) ); }

PHP

$expected = 'sha256=' . hash_hmac('sha256', $payload_body, $secret); $valid = hash_equals($expected, $_SERVER['HTTP_X_FLOWTRIQ_SIGNATURE']);

Go

mac := hmac.New(sha256.New, []byte(secret)) mac.Write([]byte(payloadBody)) expected := "sha256=" + hex.EncodeToString(mac.Sum(nil)) valid := hmac.Equal([]byte(expected), []byte(signatureHeader))

Retry Policy

  • Flowtriq retries failed webhook deliveries up to 3 times
  • Retry intervals: 10 seconds, 60 seconds, 5 minutes
  • A delivery is considered failed if your endpoint returns a non-2xx status code or times out (10 second timeout)
  • Failed deliveries are logged in the notification log on the incident detail page