Before proceeding with integration, ensure you have created a ShieldSquare account by signing up here.


Prerequisites:

  • ShieldSquare may require 1 load balancer and 2 CentOS machines. The ShieldSquare support team will advise on exact hardware requirements based on your traffic bandwidth.
  • Either the load balancer's 'Content Switching' feature must be available to distribute traffic across multiple back-end servers based on host header, cookie or firewall rules, or the DNS system should have a failover mechanism (you can refer to the sample AWS Route53 flow below).
  • An understanding of the Monitor and Active modes.


How does it work in Monitor mode?

  1. Data from the end user's browser is received by your load balancer.
  2. Your load balancer redirects the data to the ShieldSquare Virtual Appliance residing in your infrastructure.
  3. The ShieldSquare Virtual Appliance asynchronously sends the data to the ShieldSquare Bot Engine for analysis.
  4. The ShieldSquare Virtual Appliance instantaneously sends the data to your application server.
  5. Your application server fetches the requested content and serves the page to the end user.


Note: In Monitor mode, the ShieldSquare Bot Engine appends the 'ShieldSquare-Response' HTTP header to each request, and its value is always '0'. This indicates that all requests are to be allowed, irrespective of human or bot behavior.


How does it work in Active mode?


  1. Data from the end user's browser is received by your load balancer.
  2. Your load balancer redirects the data to the ShieldSquare Virtual Appliance residing in your infrastructure.
  3. The ShieldSquare Virtual Appliance synchronously sends the data to the ShieldSquare Bot Engine for analysis.
  4. The value of the 'ShieldSquare-Response' HTTP header will be one of the following, and appropriate action can be taken on the corresponding requests.
    1. 0 - Allow the request
    2. 2 - Show CAPTCHA to the request
    3. 3 - Block the request
    4. 4 - Feed fake data to the request
  5. If the value of the 'ShieldSquare-Response' HTTP header is '0', the request is sent to your application server, which serves the page to the end user.
  6. If the value of the 'ShieldSquare-Response' HTTP header is '2', '3' or '4', you can take the appropriate action at the application, server, WAF or CDN to show a CAPTCHA, block the request or feed it fake data, depending on your business requirement.
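
One way to act on the header at the application layer in Active mode, as an added example (not ShieldSquare code): a Python WSGI middleware that routes each request by its 'ShieldSquare-Response' value. The class name, the captcha_app and fake_data_app handlers, the on_missing policy and the sample requests are assumptions made for illustration, as is the premise that the load balancer removes any client-supplied copy of the header.

```python
# Added example, not ShieldSquare code. Header values are the ones listed on this page.
ALLOW, CAPTCHA, BLOCK, FAKE_DATA = "0", "2", "3", "4"
KNOWN = {ALLOW, CAPTCHA, BLOCK, FAKE_DATA}


class ShieldSquareGate:
    """WSGI middleware that acts on the ShieldSquare-Response request header.

    Assumption: the load balancer removes any client-supplied copy of the
    header, so the value seen here was set on the ShieldSquare side.
    captcha_app and fake_data_app are hypothetical WSGI apps you provide.
    on_missing is the verdict applied when the header is absent or unknown.
    """

    def __init__(self, app, captcha_app, fake_data_app, on_missing=ALLOW):
        self.routes = {ALLOW: app, CAPTCHA: captcha_app, FAKE_DATA: fake_data_app}
        self.on_missing = on_missing

    def verdict(self, environ):
        # WSGI exposes "ShieldSquare-Response" as HTTP_SHIELDSQUARE_RESPONSE.
        value = environ.get("HTTP_SHIELDSQUARE_RESPONSE", "").strip()
        return value if value in KNOWN else self.on_missing

    def __call__(self, environ, start_response):
        verdict = self.verdict(environ)
        if verdict == BLOCK:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked"]
        return self.routes[verdict](environ, start_response)


def page(body):
    """Tiny WSGI app returning a fixed body (stand-in for real handlers)."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [body]
    return app


def simulate(gate, header=None):
    """Send one constructed request through the gate; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if header is not None:
        environ["HTTP_SHIELDSQUARE_RESPONSE"] = header
    seen = {}
    body = b"".join(gate(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

Passing on_missing=BLOCK makes the gate refuse requests that arrive without a recognised value, which is the stricter choice once all traffic is expected to pass through the appliance.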

If you use a DNS system to enable the context switch, the diagram below represents the flow.


Note

  • You can configure a rule in the firewall of your load balancer based on the header to ensure requested pages are served to humans.
  • The responses set in the header follow the preferences you set for a given bot type in the Bot Response List on the ShieldSquare Admin Dashboard.
  • The browser IP should be set in the 'X-CLIENT-IP' HTTP header (if the IP can be found in any other header, kindly inform the ShieldSquare team).
  • Kindly inform the ShieldSquare team of the HTTP header containing the browser's session.

 


Write to support@shieldsquare.com for any further clarification on the process.