🚀 Site Setup Guide – “Create Site” Process

The Create Site process in ShieldsGuard allows users to onboard and prepare a new domain for protection. While the platform handles much of the technical work automatically, there are critical steps the user must complete to ensure full security enforcement — especially for DDoS and WAF modules.

🧭 Step 1: Click “Create Site”

From the main dashboard, click the Create Site button to begin. This option is located in the Welcome panel and acts as the entry point for setting up a new domain.

🌐 Step 2: Enter Domain Name

You’ll be prompted to enter the domain name you wish to protect (e.g., example.com). Once submitted, click Create Site to continue.

📦 Step 3: Choose a Plan

You’ll be presented with available protection plans:

✳️ Start-Up Plan

• Basic DDoS detection and Web Application Firewall access

• Designed for budget-friendly, smaller websites

🚀 Enterprise Plan

• Full security suite, including advanced WAF and tailored protection

• Recommended for production environments or large-scale platforms

🆓 A 14-day free trial is available for all new domains.

💳 Step 4: Billing & Trial Activation

You’ll see a summary of the selected plan:

• Trial Duration: 14 days

• Total Amount Due: $0.00

• Proceed by clicking Start Trial

The site will now begin provisioning.

🛠️ Step 5: Enter Hosting IP Address

You will be asked to provide the IP address of the web server hosting your domain.

📥 Enter the IP (e.g., 192.0.2.14) and click Save.

⚙️ Step 6: Site Creation in Progress

Once the domain is accepted, the system will automatically begin:

• ✔️ Creating the site record

• ✔️ Applying DNS routing logic

• ✔️ Initializing configuration settings

You will see a progress screen indicating status updates.

🔐 Step 7: DNS & SSL Notices

If your domain is not yet using ShieldsGuard nameservers, you will receive the following notice:

Your nameservers are being processed. SSL cannot be created until this process is complete.
ns1: guard.ns.shieldsguard.com
ns2: shields.ns.shieldsguard.com

DNS must be correctly pointed for SSL to be issued and fully enable HTTPS traffic.

⚠️ Important Notes

✅ After Setup

Once all configurations are complete and traffic starts flowing:

• ShieldsGuard begins monitoring your domain

• Logging and analytics activate automatically

• You can fine-tune rate limiting, filter rules, and IP access

• You should now proceed to activate WAF & DDoS Protection from the Protection Panel

📋 Quick Checklist

🎯 The Create Site process gives you a fast start — but enabling full protection requires a few manual steps. Don’t forget to activate DDoS protection and WAF before going live.

✉️ ShieldsGuard SEG Installation

ShieldsGuard SEG (Secure Email Gateway) is a powerful enterprise solution that protects your organization’s email traffic against phishing, spam, malware, and data leakage.

To ensure the correct integration with your mail infrastructure (e.g., Microsoft 365, Google Workspace, or on-premise SMTP servers), setup must be handled securely and in alignment with your organization's architecture.

🛠️ SEG installation requires custom configuration.

📞 Please Contact Support

To begin the installation and onboarding process:

➡️ Contact a ShieldsGuard support representative. They will assist you with:

• MX record setup

• Mail flow redirection

• SPF/DKIM/DMARC alignment

• TLS configuration

• Policy enforcement tailored to your needs

📧 Email: support@shieldsguard.com 🌐 Or use the Support option within your admin panel.

🎯 ShieldsGuard SEG deployment is handled with the assistance of a technical specialist to ensure maximum security and compliance.

Welcome to the official documentation of ShieldsGuard — a unified, high-performance platform for real-time threat detection, DDoS mitigation, email gateway protection, and full-stack perimeter control.

This guide is designed to help you:

• Understand the architecture and core capabilities of ShieldsGuard

• Deploy, configure, and manage each module effectively

• Investigate threats and respond with precision

• Enforce policy-based access and filtering across your entire infrastructure

🚀 What Is ShieldsGuard?

ShieldsGuard is a next-generation cybersecurity platform that combines:

• 🌐 Website & API Protection (via WAF, DDoS, Access Rules)

• 📧 Secure Email Gateway (phishing, spam, malware filtering)

• 🧠 Behavioral Analysis & Threat Intelligence

• 🔍 Real-Time Logging, Forensics, and Response

• 📄 Customizable Firewall Pages and Rule Sets

Whether you’re defending a web application, enterprise mail server, or cloud infrastructure — ShieldsGuard is engineered to give you visibility, control, and resilience.

📂 How This Documentation Is Structured

This documentation is divided into clear, functional categories:

🧠 Who Is This For?

This documentation is ideal for:

• Security Engineers

• DevOps Teams

• Email Admins

• SOC Analysts

• Compliance Officers

If you manage infrastructure, protect users, or respond to threats — this guide is for you.

🎯 ShieldsGuard is here to simplify security and amplify control — let's protect your digital surface, together.

Jump right in

🎯 Purpose

The Today's Data panel provides a real-time snapshot of the website's security posture and traffic behavior for the current day. It helps identify ongoing threats, traffic surges, and overall performance indicators.

📌 Key Components

• Total Visits: Number of all HTTP requests received today.

• Successful Requests: Requests that returned 2xx HTTP status codes.

• Malicious Action Attempts: Count of requests detected as harmful or suspicious.

• HTTP Risk Score: A calculated metric indicating potential danger based on error patterns.

🌍 Traffic Sources

• Top Countries by Request Volume: Displayed on an interactive map.

• Top IP Addresses: List of IPs sending the most requests.

🔗 Endpoint Visibility

• Top URLs Requested: Shows which paths are most visited or potentially targeted.

📈 Visual Indicators

• Percentage changes show trends compared to yesterday.

• Heat intensity on the map reflects request concentration.

• Color-coded HTTP status responses (green = 2xx, red = 5xx, etc.).

✅ Use Cases

• Quickly detect ongoing attacks or brute-force attempts.

• Identify suspicious IPs or URL abuse.

• Monitor overall daily system health.

🌐 Country Statistics

🎯 Purpose

The Country Statistics panel gives insight into where your traffic is coming from over time. It helps differentiate between normal geographic distributions and potential attack patterns.

📌 Key Components

• Total Visits: Total requests across all countries.

• Unique Countries: Number of different country sources.

• Peak Country: The country with the most requests in a single burst.

• Visitor Distribution Table: A sortable list of countries and their request counts.

• Visitor Map: Geographical heatmap showing traffic density.

📈 Visual Indicators

• Brighter regions on the map indicate heavier traffic.

• Country flags and exact numbers enhance readability.

✅ Use Cases

• Spot unusual regional activity (e.g. DDoS from a new country).

• Correlate with marketing campaigns or legal access boundaries.

• Prioritize geo-blocking or regional filtering.

🔗 URL Statistics

🎯 Purpose

The URL Statistics section reveals which endpoints on your system are receiving the most attention — whether legitimate or malicious.

📌 Key Components

• Total Visits: Global request count to all URLs.

• Unique URLs: Count of distinct endpoints accessed.

• Top Requested URLs: Lists the most visited endpoints (e.g. login, API, or admin paths).

• URL Chart View: Visual bar representation of visit volume per endpoint.

⚠️ Observations

• Frequently accessed admin or login pages may be under attack.

• Repeated hits on unusual URLs could suggest vulnerability scanning.

✅ Use Cases

• Detect brute-force or enumeration attempts.

• Optimize caching or endpoint performance based on usage.

• Identify exposure of unintended paths (e.g. test or backup routes).

🏁 1. General Welcome and Site Management Panel

📖 Overview

This is the landing page for all ShieldsGuard users. Upon logging in, it provides an at-a-glance summary of their account, including registered websites, usage metrics, and access to essential management tools.

It is the central control panel for launching new domains, configuring users, and monitoring real-time activity across protected assets.

🧱 Components

📚 Sidebar Menu

The left-hand menu provides access to all core user-level operations:

🖥️ Main Content Area

The right panel contains your personalized usage summary and key action buttons:

🧠 Usage Scenario

This screen acts as the entry point into the ShieldsGuard ecosystem.

Example applications:

• A security analyst can log in and immediately see traffic trends across websites.

• A DevOps engineer may use this view to confirm DNS propagation or SSL readiness.

• An admin might onboard new sites or grant user permissions directly from here.

🎨 Visual Indicators

📌 Additional Notes

• This dashboard is not just informational — it is actionable.

• All navigation stems from this control panel, making it the primary cockpit for security administrators and operators.

• Integrated metrics such as “requests today” and “active sites” help teams stay informed at a glance.

🎯 The General Panel gives you an instant, high-level view of your digital estate — combining usability with operational intelligence from the very first screen.

📊 Overview

The Overview section in ShieldsGuard provides a centralized and dynamic summary of your web infrastructure’s behavior. It brings together real-time monitoring, traffic origin tracking, URL-level inspection, and status code analytics to give you a full picture of what’s happening across your protected websites.

This section is divided into the following key modules:

🔎 2.1 Today's Data

Get a live snapshot of your website's performance and security posture for the current day — including total visits, blocked requests, malicious attempts, and risk score evaluations.

🌍 2.2 Country Statistics

Track where your traffic is coming from geographically. Use this to identify unusual regional surges, geo-targeted threats, or marketing effectiveness.

🔗 2.3 URL Statistics

Discover which pages, endpoints, or services are receiving the most traffic. Analyze user access behavior, potential attack vectors, or stress points in your platform.

🌐 2.4 IP Statistics

Uncover which IP addresses are the most active — whether legitimate users, search engine bots, or malicious actors. Includes ASN and geolocation data.

⚠️ 2.5 HTTP Status Statistics

Visualize the distribution of HTTP response codes. Identify success rates, client-side errors (4xx), and server-side failures (5xx) at a glance.

📡 IP Statistics

🎯 Purpose

The IP Statistics panel identifies the most active IP addresses and their contribution to your traffic landscape. It supports both performance tuning and security analysis.

📌 Key Components

• Top IPs: List of IPs sorted by volume of requests.

• ASN Information: Associated network provider or organization.

• Country Origin: Geographical source of the IP.

📊 Visuals

• Request bars showing the volume per IP.

• Tags displaying ASN and country flag for each entry.

✅ Use Cases

• Flag suspicious IPs with excessive request volume.

• Block repeated offenders or integrate IP reputation systems.

• Whitelist trusted infrastructure (e.g., monitoring systems).

🛡️ Overview

The DDoS Protection module in ShieldsGuard is your first line of defense against traffic-based denial-of-service attacks. Whether it’s volumetric floods, bot-driven login abuse, or application-layer overload, this protection engine enables you to mitigate threats before they impact your infrastructure.

⚠️ Important: After first setup, the DDoS Protection feature is disabled by default. To activate protection, you must manually select one of the available protection modes from the panel.

These modes are:

• JavaScript Verification

• Google Captcha

• Friendly Captcha

Until one is selected and configured, your website will remain vulnerable to automated traffic-based attacks.

⚙️ Activating Protection

1. Navigate to Protection > DDoS Protection from the left sidebar.

2. Locate the DDoS Protection status section at the top.

3. Choose a protection mode from the dropdown:

   • Javascript Verification

   • Google Captcha

   • Friendly Captcha

4. Configure the selected mode using the provided forms.

5. Your protection will be enforced immediately after saving.

🔍 DDoS Protection Modes Explained

✅ JavaScript Verification

This mode enforces a lightweight browser-based challenge that filters out non-human traffic like bots, scripts, and scanners that do not support JavaScript execution.

Key Features:

• Invisible to human users

• Fast and automatic

• Effective against basic botnets, curl, wget, and CLI tools

Limitations:

• Advanced bots using headless browsers (e.g., Puppeteer, Selenium) may pass this challenge

Recommended Use:

• Public websites

• Static content delivery

• When user friction must be minimal

🔐 Google Captcha

Enables Google’s reCAPTCHA to challenge suspicious users and confirm they are human before accessing sensitive areas.

Configuration Required:

• Google reCAPTCHA Site Key

• Google reCAPTCHA Secret Key

Variants Supported:

• reCAPTCHA v2 (checkbox or invisible)

• reCAPTCHA v3 (score-based)

Advantages:

• High detection accuracy

• Widely recognized

• Free for standard use

Drawbacks:

• Adds friction to user flow

• May not comply with strict privacy regulations (e.g., GDPR in EU)

Recommended Use:

• Login pages

• Admin panels

• Account creation / payment flows

🛡️ Friendly Captcha

Friendly Captcha is a modern, privacy-first alternative that uses proof-of-work cryptography instead of solving puzzles.

Fields to Configure:

• Secret Key (generated from Friendly Captcha panel)

• Site Key

• Endpoint Region (EU / US)

Advantages:

• No user interaction

• Fully GDPR-compliant

• Does not collect or track user data

Drawbacks:

• Requires an active Friendly Captcha subscription

• Slight delay due to proof-of-work (milliseconds)

Recommended Use:

• Privacy-focused websites

• European user bases

• Sites requiring seamless UX with strong bot defense

🔧 Advanced Configuration Options

Once a protection mode is selected, you can fine-tune how and when it activates:

🍪 Visitor Cookie Duration

Defines how long a visitor stays trusted after passing the challenge.

• Minimum: 600 seconds (10 minutes)

• Maximum: 86400 seconds (1 day)

Example Use: Set to 1800 seconds (30 minutes) to avoid re-challenging returning users too often.

⏱️ DDoS Protection Duration

When triggered, this sets how long the protection remains active.

• Range: 5 to 1440 minutes

Scenario: If set to 60 minutes, the site stays protected for one hour after an attack pattern is detected.

🚨 DDoS Trigger Settings

Define how much traffic is considered suspicious.

• Time Interval (Seconds): Between 10 and 30 seconds

• Request Threshold: Between 1 and 5000 requests

Example: If a single IP sends more than 1000 requests in 10 seconds, activate protection.

🌐 IP Rate Limiting

Sets a hard cap on the number of requests per second from a single IP address.

• Minimum: 5 requests/sec

• Use Case: Prevents brute-force and scraping attacks

Tip: Start with 500–700 and monitor before lowering. Use tighter limits for login or API routes.

✅ Best Practice Recommendations

🧠 Summary

DDoS protection is only effective when properly enabled and tuned. ShieldsGuard provides multiple mechanisms to cover both performance and privacy concerns. The layered control—combining protection mode, duration, trigger thresholds, and IP rate limits—ensures your services stay online even during hostile traffic surges.

Always test your configuration under light load before deploying in production.

🔐 Google reCAPTCHA Integration (ShieldsGuard)

📖 Overview

ShieldsGuard supports Google reCAPTCHA integration to enhance bot protection, DDoS challenge validation, and login security.

By adding your Google reCAPTCHA keys to the system, you ensure that automated access attempts are filtered with an additional verification layer before being allowed to interact with protected web resources.

🧭 Step-by-Step Setup Guide

1️⃣ Register Your Site at Google reCAPTCHA

1. Visit: https://www.google.com/recaptcha/admin/create

1. Log in with your Google account

2. Fill in the form:

   • Label: Example: ShieldsGuard Protection

   • Choose Type:

     • ✅ reCAPTCHA v2 – "I’m not a robot" (recommended)

     • Or v3 if desired

   • Domains: Enter your domain (e.g., example.com)

   • Accept the Terms of Service

3. Click Submit

You will receive two keys:

• 🔐 Secret Key

• 🌐 Site Key

2️⃣ Enter Keys into ShieldsGuard

Once you’ve obtained your keys:

1. Log in to your ShieldsGuard Panel

2. Navigate to: Protection > DDoS Protection > Google Recaptcha Section

3. Click the 🔴 Set Key button (You’ll see this as a red action button prompting configuration)

1. In the popup titled Edit Google Captcha Key, enter:

   • Secret Key (first field)

   • Site Key (second field)

1. Click the 🔒 Save button

You will receive confirmation that the keys are stored and ready for use.

3️⃣ Activate Google reCAPTCHA in DDoS Protection

Adding the keys alone is not enough. You must activate Google reCAPTCHA in your protection mode.

1. Go to: Protection > DDoS Protection

2. In the DDoS Protection Settings, set:

   • Protection Mode → Automatic or Google Captcha

   • Automatic Protection Type → Google Captcha

3. Save the configuration

Now, when a threshold is triggered, ShieldsGuard will serve Google reCAPTCHA challenges to the client.

🧪 Test It

To verify that Google reCAPTCHA is active:

• Simulate a DDoS request (e.g., rapid refresh or tool-based probe)

• Access a protected endpoint with the configured domain

• reCAPTCHA challenge should appear in the browser

💡 Best Practices

🎯 By integrating Google reCAPTCHA with ShieldsGuard, you're creating a highly effective layer of friction for automated threats, while preserving user experience for legitimate visitors.

🛡️ Friendly Captcha Setup (ShieldsGuard)

📖 Overview

ShieldsGuard allows full integration with Friendly Captcha, a modern, privacy-friendly CAPTCHA solution. Once integrated, Friendly Captcha can be used as a challenge mechanism within the DDoS Protection module to block automated threats without disrupting legitimate users.

🔐 Unlike traditional CAPTCHA methods, Friendly Captcha offers a user-friendly experience with high resilience against bots and headless browsers.

🧭 Step-by-Step Integration Guide

1️⃣ Create a Friendly Captcha Account

2. Register for an account (free or paid plan)

1. After login, navigate to the Dashboard

2. Click on “Create New Application”

1. Name your application and define the domain (e.g., yourdomain.com)

2. After creation, you’ll receive:

   • 🔐 Secret Key

   • 🌐 Site Key

2️⃣ Log into ShieldsGuard Panel

1. Open your ShieldsGuard admin panel

2. Navigate to: Protection > DDoS Protection

3️⃣ Open Friendly Captcha Configuration

Scroll to the Friendly Captcha section.

Click on the 🔴 Set Key button:

This opens a modal titled Edit Friendly Captcha Key.

4️⃣ Enter Friendly Captcha Keys

In the popup window:

• Paste your Secret Key in the first field

• Paste your Site Key in the second field

• Choose your Endpoint Region from the dropdown (e.g., EU Endpoint, US Endpoint)

• Click 🔐 Save

✅ Keys are now saved and the system is ready for use.

5️⃣ Enable Friendly Captcha in DDoS Protection Mode

⚠️ Captcha setup is not complete until it’s activated under protection logic.

1. Go back to Protection > DDoS Protection

2. Under DDoS Automatic Protection, set:

   • Status = Automatic Protection or Friendly Captcha

   • Protection Type = Friendly Captcha

3. Configure your desired:

   • Trigger Threshold (requests/sec)

   • Protection Duration

   • IP Limit Rules

4. Save all changes

🧪 Testing the Integration

To test if Friendly Captcha is active:

• Simulate rapid browsing or bot-like behavior (multiple refreshes)

• You should be presented with a Friendly Captcha challenge instead of being blocked directly

This ensures human users are verified with minimal friction.

💡 Best Practices

🎯 Friendly Captcha integration offers the perfect balance of strong bot defense and seamless user experience — especially valuable in public login portals, DDoS-prone environments, and signup forms.

📖 Protection

The Protection section in ShieldsGuard provides you with all the tools necessary to defend your infrastructure against both volumetric and application-layer attacks.

ShieldsGuard ensures complete protection against all types of DDoS attacks — from Layer 3/4 floods to complex Layer 7 HTTP-based threats.

In this section, you will find two powerful modules:

• 3.1 DDoS Protection – Activate automated defense against TCP/UDP floods, SYN attacks, HTTP request floods, and behavioral anomalies.

• 3.2 WAF – Web Application Firewall – Inspect and filter all web-layer traffic with advanced rule sets tailored to block XSS, SQLi, RCE, LFI/RFI, and more.

⚠️ Important: Both modules are independent but work best when enabled together.

We strongly recommend enabling and fine-tuning both DDoS Protection and WAF to ensure the highest level of resilience, especially in public-facing or critical environments.

👉 Click the subpages to start configuring your defenses.

⚠️ HTTP Status Statistics

🎯 Purpose

This panel breaks down HTTP response codes to assess website performance, stability, and user experience.

📌 Key Components

• Success (2xx): Indicates functional routes and services.

• Redirects (3xx): Shows navigation flows and redirection behavior.

• Client Errors (4xx): Typically caused by bad requests (e.g., 404, 403).

• Server Errors (5xx): Usually reflect backend problems or overloads (e.g., 500, 503).

📈 Visual Indicators

• Donut or pie chart distribution of status codes.

• Highlight of the most frequent status code.

• Each code includes total count and percentage share.

✅ Use Cases

• Monitor for increasing 4xx/5xx errors.

• Detect broken links or misconfigured services.

• Ensure high 2xx ratio for healthy performance.

🛡️ Security Rules

The Security Rules section in ShieldsGuard provides powerful tools to filter, block, or manipulate specific aspects of incoming HTTP requests. This section empowers administrators to define granular behavioral policies, harden exposed endpoints, and mitigate suspicious or malicious activity on a per-rule basis.

Each rule type is modular, giving you complete control over how your system handles traffic based on IPs, headers, methods, paths, query strings, or even post payloads.

Below is a breakdown of what each rule type allows you to control:

🔲 BlackList & WhiteList

Define explicit IP addresses or CIDR ranges to block or allow regardless of other rules or protections.

📘 User Agent Filtering

Create rules based on the User-Agent header. Useful for blocking known bots, outdated clients, or malicious scanners.

🧵 Query String Filtering

Inspect query parameters and block requests that contain suspicious or forbidden values.

📥 HTTP Header Filtering

Control request behavior by filtering based on specific HTTP headers, such as Referer, Origin, or custom-defined headers.

🚫 Block POST Values

Prevent requests containing specific keywords or data patterns in POST bodies. Ideal for blocking form spam or injection attempts.

🔄 Custom Headers

Inject or modify custom headers into responses for security, debugging, or routing logic.

⛔ Block URL Requests

Block access to specific URL strings or patterns regardless of method or query.

🧭 URL Path Blocking

Block entire URL path segments such as /admin, /debug, or /staging. Supports wildcards and nested directories.

🔐 Encrypt Path

Obfuscate sensitive paths using encryption to prevent reconnaissance and endpoint enumeration.

🧹 Remove Request Value

Strip or replace parts of the request URI, headers, or parameters before it reaches backend services.

🚫 Exclude Directories from Protection

Bypass WAF/DDoS inspection for specific static folders (e.g., /uploads, /assets) to improve performance or avoid unnecessary filtering.

🧠 These security rules act as a flexible policy enforcement layer — perfect for scenarios where WAF alone is not enough or too generalized.

Proper use of Security Rules gives you surgical control over traffic behavior, making ShieldsGuard a highly adaptable security platform for modern, high-risk environments.

🧭 Overview

The BlackList & WhiteList module in ShieldsGuard gives administrators the power to allow or block specific IP addresses from accessing the protected website or application. This forms the most fundamental and direct layer of access control in your security policy.

With this module, traffic can be explicitly permitted (whitelisted) or denied (blacklisted), regardless of WAF, DDoS, or any other protection mechanisms in place.

✅ Allowed IP Addresses (Whitelist)

This section allows you to define IPs or ranges that should bypass all protection engines — including:

• Web Application Firewall (WAF)

• DDoS Protection

• Rate Limiting

• Behavior-based Blocking

Use Cases:

• Trusted internal IPs (corporate office, VPNs)

• Monitoring systems or uptime checkers

• Developers or testers who should never be blocked

• Third-party services with known IPs (e.g., Stripe, PayPal, Cloud providers)

Example:

203.0.113.42
10.10.0.0/16

⚠️ Whitelisted IPs are treated as fully trusted — ensure they are secure and properly scoped.

🚫 Blocked IP Addresses (Blacklist)

This section allows you to completely ban IPs or ranges from accessing the site. Any request from a blacklisted IP will be dropped immediately.

Use Cases:

• Known malicious actors

• Repeated brute-force or spam sources

• IPs flagged by threat intelligence

• Abuse reports or geo-blocking by range

Example:

192.168.100.23
203.0.113.0/24

🔒 Blacklist takes absolute precedence — blocked IPs cannot bypass via any other setting.

🔧 How to Use

1. Go to Security Rules > BlackList & WhiteList

2. Switch between Allowed IP Addresses or Blocked IP Addresses

3. Click “Add IP Address”

4. Enter:

   • Single IP (e.g., 192.0.2.10)

   • IP Range / CIDR (e.g., 192.0.2.0/24)

5. Save

Changes take effect immediately and will be logged in traffic analytics.

🔍 Search and Manage

• You can search IPs using the search bar

• Use bulk selection for mass deletion or editing

• Logs will indicate whether a request was blocked or allowed due to IP rule

📌 Best Practices

🛡️ IP-level control is your first line of defense. Use it to allow what you trust, and block what you know to be harmful.

🛡️ Overview

The Web Application Firewall (WAF) in ShieldsGuard is an advanced, multi-layered security engine designed to protect your applications against all known Layer 7 threats — from SQL injection to file inclusion, command injection, and even data leakage.

ShieldsGuard supports three different WAF models, each accessible via separate tabs:

1. ShieldsGuard WAF (recommended — proprietary engine)

2. ModSecurity v4 (community/open standard ruleset)

3. ModSecurity v3 (legacy compatibility ruleset)

⚠️ Only one rule set can be active at any given time. If ShieldsGuard WAF is active, v3 and v4 are automatically disabled, and vice versa.

We strongly recommend using ShieldsGuard WAF for best security, performance, and enterprise-grade rule support.

🔒 ShieldsGuard WAF (Recommended)

🔧 Description

ShieldsGuard WAF is a custom-built, proprietary firewall engine developed by the ShieldsGuard security engineering team. It contains handcrafted, threat-intelligence-enhanced rules, designed to detect and stop real-world attack patterns before they ever reach your application.

It is continuously updated and optimized for:

• Performance under high load

• Low false-positive rates

• Real-time botnet and CVE protection

• Enterprise-grade precision

🧩 Rule Modules

Below is the complete list of available .conf modules within ShieldsGuard WAF:

🛠️ Enterprise users receive assistance in tuning these rules with direct engineer access and 24/7 monitoring options.

📘 ModSecurity v4 Rule Set

💡 Description

ModSecurity v4 is a structured, open-source community-driven ruleset, built around OWASP Core Rule Set (CRS) standards. ShieldsGuard supports v4 through modular .conf files, each focusing on specific vulnerabilities or exploit methods.

🔧 Example Rules:

🧱 ModSecurity v3 Rule Set

📦 Description

ModSecurity v3 is a lightweight, simplified version of v4, maintained for legacy compatibility. While not as complete or intelligent as v4 or ShieldsGuard WAF, it offers baseline protection for older stacks.

🔧 Example Rules:

✅ How to Use WAF in ShieldsGuard

1. Go to Protection > WAF

2. Enable WAF Control (top toggle)

3. Select the desired WAF rule engine tab (ShieldsGuard WAF / v4 / v3)

4. Activate the .conf modules relevant to your environment

5. Save and monitor – changes apply immediately

📌 Best Practices

• Always use ShieldsGuard WAF unless legacy compatibility is strictly required

• For CMS users (WordPress, Drupal, NextCloud), enable only one CMS exclusion rule at a time

• Enable all critical attack class protections (SQLi, XSS, RCE)

• Disable unused protocol types to reduce false positives

• For enterprise environments, contact the ShieldsGuard team for:

  • Rule tuning

  • False positive mitigation

  • Custom platform rules

  • CVE simulation and patching

🧠 Summary

ShieldsGuard WAF provides a complete application-layer security solution with options tailored for all needs — from enterprises needing expert-backed protection to legacy systems requiring minimal rules.

🔐 Choose one rule engine. Activate only what you need. Let ShieldsGuard handle the rest.

📖 Overview The User Agent Filtering module allows you to control access to your website or application based on the User-Agent header included in HTTP requests. This header typically identifies the browser, tool, bot, or crawler making the request. By allowing or blocking specific User Agents, you gain powerful control over how your application interacts with browsers, bots, and potential attackers.

✅ Allowed User Agent List This section enables you to define trusted User Agents that should always be allowed access — even if other security mechanisms are in place.

Use Cases:

• Allowing access to legitimate bots:

  • Googlebot

  • Bingbot

  • Slackbot

• Permitting internal testing tools or scanners

Configuration Options:

• Enter a regex pattern to match the User-Agent string

• Select a sensitivity level from the dropdown Example: Allowing ^Googlebot.* ensures only Google’s official crawler is accepted.

🚫 Blocked User Agent List This section allows you to define unauthorized User Agents that should be completely blocked from accessing your system.

Use Cases:

• Blocking known scraping tools or headless browsers:

  • curl

  • python-requests

  • Scrapy

• Preventing spam bots or fake search engine crawlers

Configuration Options:

• Define a regex pattern for partial or full User-Agent strings

• Select a sensitivity level from the dropdown Example: Blocking .*bot.* will catch most generic bots and automated tools.

🔍 Regex Matching & Sensitivity Options When creating a rule, you must select a sensitivity level. The following four options are available:

1. Case Insensitive Matches plain text without considering letter case. Example: curl will match Curl, cURL, or CURL.

2. Case Sensitive Matches plain text exactly as typed, including letter case. Example: curl matches only curl and not CURL or Curl.

3. Regex Regular Expression Case Sensitive Allows full regex usage and respects letter casing. Example: ^SlackBot.* matches SlackBot/1.0, but not slackbot/1.0.

4. Regex Case Insensitive Enables full regex support while ignoring letter case. Example: ^slackbot.* matches SlackBot/1.0, SLACKBOT/2.0, etc.

⚙️ How to Add a Rule

1. Navigate to Security Rules > User Agent Filtering

2. Choose either the Allowed or Blocked tab

3. Click Add User Agent

4. In the popup:

   • Enter a regex pattern to match the User-Agent string

   • Choose a sensitivity level from the dropdown

5. Click Save — your rule is instantly applied

You can manage existing rules, search by regex, or delete them at any time.

🚨 Warning User-Agent headers can be easily spoofed. While User Agent Filtering is effective against basic bots and misconfigured clients, advanced attackers may forge trusted User-Agent strings.

For enhanced security:

• Combine this feature with IP Reputation databases

• Enforce rate limiting

• Use Web Application Firewall (WAF) rules

🎯 Conclusion User Agent Filtering is a lightweight, efficient, and flexible way to block malicious bots, reduce system noise, and protect public-facing endpoints — especially APIs and marketing pages.

📘 Overview

The HTTP Header Filtering module allows you to filter incoming HTTP requests based on the name and value of specific HTTP headers. This is useful for blocking or allowing requests based on exact or expected header content.

🛠️ How It Works

You can define a simple rule by providing:

• A Header Title (e.g., Origin, Authorization, X-Custom-Header)

• A Header Content (exact match string)

Once the rule is created, incoming requests will be matched against this rule and filtered accordingly.

⚙️ How to Add a Header Filter

1. Go to Security Rules > HTTP Header Filtering

2. Click Create Header Filtering

3. Fill out:

   • Enter Header Title

   • Enter Header Content

4. Click Filter

5. The rule will take effect immediately

🔐 Why It Matters

Many attacks exploit improperly validated or missing headers, including:

• CSRF attacks (missing Origin / Referer headers)

• Host Header Injection

• API key misuse

Header filtering adds a layer of control at the gateway level to prevent such attacks early.

🎯 HTTP Header Filtering is a quick way to enforce header presence and exact values, adding lightweight security to your application endpoints.

📘 Overview

The Custom Headers module allows you to define and inject HTTP response headers into all responses served by your ShieldsGuard-protected site. This is useful for improving security, enhancing privacy, and customizing browser behavior — without modifying your application code.

🛠️ How It Works

You define:

• Header Variable Name – The name of the HTTP response header (e.g., X-Frame-Options, X-Powered-By, X-XSS-Protection)

• Header Variable Content – The value of that header (e.g., DENY, nosniff, or any string)

Once created, this header will be automatically included in every HTTP response.

⚙️ How to Add a Custom Header

1. Navigate to Security Rules > Custom Response Headers

2. Click Create Header Variable

3. Fill in:

   • Header Variable Name: the header key you want to define

   • Header Variable Content: the value you want to send

4. Click Create Variable

5. The header is now injected into all HTTP responses globally

📋 Example Use Cases

• Add X-Content-Type-Options: nosniff to prevent MIME-type sniffing

• Add X-Frame-Options: DENY to block clickjacking

• Add X-Powered-By: ShieldsGuard to override default server info

🔐 Why It Matters

HTTP response headers allow you to:

• Reduce browser-based attack surfaces

• Hide unnecessary backend information

• Enforce client-side behavior securely

This feature helps maintain a secure-by-default posture.

🎯 With just a few clicks, you can set custom headers across your entire site — no coding required.

📖 Overview

The Query String Filtering module enables you to control and sanitize the query parameters (GET variables) attached to incoming requests.

By defining allowed or blocked query strings on a per-path basis, you can protect sensitive endpoints, APIs, and web forms against tampering, injection, or unexpected behavior.

This adds a powerful application-layer control that complements WAF rules and general request validations.

🎯 Purpose

• Allow only expected parameters on specific pages.

• Block unexpected or malicious parameters.

• Remove untrusted query parameters automatically.

• Harden API endpoints, authentication flows, and payment pages.

✅ How It Works

You define rules specifying:

• Target Page Path: (e.g., /login, /api/user/info, /checkout)

• Allowed Query Keys: (e.g., email, token, id)

When a request is made:

• Only the listed keys are allowed.

• Any additional parameters are either removed or blocked based on configuration.

📋 Example

Allowed Keys for /login

• email

• redirect_uri

Incoming Request:

/login?email=user@example.com&admin=true

Behavior:

• admin=true is removed or causes a block, depending on rule setting.

🛠️ Configuration Options

• Allow Only These Keys: Block or strip any parameter not explicitly listed.

• Action Mode:

  • Remove unauthorized arguments silently

  • Block the request if unauthorized arguments are detected

• Multiple Rules: Create multiple rules for different paths.

🚀 Use Cases

🧠 Best Practices

• Whitelist only absolutely necessary parameters.

• Avoid allowing “debug”, “test”, or unused parameters on production systems.

• Combine Query String Filtering with WAF to maximize protection.

• Review URL patterns regularly as your application evolves.

⚙️ How to Add a Query String Filter

1. Go to Security Rules > Query String Filtering.

2. Click Add New Rule.

3. Enter the Page Path.

4. Define all allowed query keys.

5. Choose the action (Remove unauthorized / Block unauthorized).

6. Save the rule.

🛡️ The rule will be active immediately for all matching requests.

⚡ Important Notes

• Query filtering happens before request routing to backend servers.

• Filtering is case-sensitive for parameter names.

• Be cautious on dynamic URLs where parameters may vary unexpectedly.

🎯 By enforcing strict query string structures, you prevent misuse, abuse, and accidental exposure of your application's internal logic.

📘 Overview

The Block POST Values module allows you to block incoming HTTP POST requests based on specific field names and values in the request body. This helps stop malicious or unwanted content before it reaches your backend.

🛠️ How It Works

You define two things:

• POST Key: The name of the POST parameter you want to inspect (e.g., message, username, comment, bio)

• POST Content: The exact value to block within that field

If a match is found, the request is immediately blocked at the edge.

⚙️ How to Add a Block Rule

1. Go to Security Rules > Block POST Values

2. Click Add New Rule

3. Enter:

   • Enter Post Key: the POST parameter to monitor

   • Enter Post Content: the value that should trigger blocking

4. Click Block

5. The rule is enforced instantly

📋 Example Use Case

• Block POSTs where the field comment contains the value buy now

• Block username field if it contains admin (to prevent impersonation)

🔐 Why This Matters

Blocking harmful content at the POST layer helps prevent:

• Spam submissions in contact forms or comments

• Basic SQL injection or XSS payloads

• Unwanted automated POSTs or abuse attempts

This feature acts as a first line of defense.

🎯 POST Value Blocking is a fast and simple way to filter out known bad inputs before they can do harm.

📘 Overview

The Block Request module allows you to block HTTP requests based on specific key-value matches found in either query strings (GET) or form data (POST). This helps prevent suspicious or unwanted data from reaching your application.

🛠️ How It Works

You define two simple parameters:

• Request Key Value – The name of the request parameter to monitor (e.g., search, token, redirect)

• Request Content – The exact value that should be blocked (e.g., SELECT, javascript:, admin)

If the system detects a request with that key and matching value, it blocks the request immediately.

⚙️ How to Add a Blocking Rule

1. Go to Security Rules > Block URL Request Parameters

2. Click Block Request

3. Fill in:

   • Enter Request Key Value: the parameter name to inspect

   • Enter Request Content: the value to block

4. Click Block

5. The rule is now active and will block matching requests

📋 Example Use Cases

• Block search=SELECT to prevent SQL Injection attempts

• Block redirect=javascript: to mitigate Open Redirects

• Block token=admin123 to prevent brute-force token usage

🔐 Why It Matters

By inspecting incoming request parameters, this feature allows early detection of payload-based attacks. It helps reduce exposure to:

• SQL Injection (SQLi)

• Cross-Site Scripting (XSS)

• Command Injection

• Open Redirects

🎯 Blocking malicious key-value combinations at the request level helps neutralize attacks before they reach your backend systems.

📘 Overview

The Encrypt Path module allows you to restrict access to specific URL paths by requiring a username and password. It functions like lightweight HTTP authentication and provides edge-level protection — without touching backend code.

🎯 Purpose

• Protect internal pages, admin panels, or test environments

• Control access to staging or early-access content

• Secure downloadable resources with a password

• Prevent unauthorized users from accessing private directories

🛠️ How It Works

You define:

• Username – Only users with this username can proceed

• Password – Must be provided to gain access

• Encrypted Path – The full or partial URL path to protect

• Authorization Message (optional) – Custom message shown when access is denied

When someone accesses a protected URL:

• A login prompt appears

• If the credentials match, the request is allowed

• If incorrect, the user sees your custom denial message and access is blocked

⚙️ How to Configure Encryption

1. Go to Security Rules > Encrypt Path

2. Click:

   • 🔵 Username to set or change the login username

   • 🟠 Password to set or change the login password

   • 🟢 Set a Message to define a custom message for failed logins (e.g., "Bu alana erişim yetkiniz yok")

   • 🟧 Specify the page to be encrypted and enter the full URL you want to protect (e.g., https://shieldsguard.com/admin)

3. Click Encrypt to activate protection

📋 Example Use Case

• Protect /admin-panel with username: sg and a strong password

• Show a denial message like: “You do not have access to this area”

• Ensure only internal users with credentials can reach the path

🔐 Why This Matters

Encrypt Path allows secure, no-code restriction of sensitive areas:

• Without installing plugins

• Without modifying server configs

• Without writing auth logic

It's ideal for developers and admins who want to quickly lock down access to certain pages.

⚠️ Best Practices & Notes

• Use strong, non-production credentials (base64 encoded, not encrypted)

• Always access encrypted paths over HTTPS

• Combine with Rate Limiting to stop brute-force attempts

• Do not use this for dynamic login pages — leave those to your backend authentication

🎯 Encrypt Path gives you instant, secure access control — with zero backend integration.

🧾 Overview

The Remove Request Value module allows you to strip unwanted or sensitive arguments from requests before they reach your backend servers. This can help prevent misuse of hidden features, developer flags, or outdated query parameters.

🛠️ How It Works

You define:

• Page Path – The URL to monitor (e.g., /checkout, /api/data)

• Argument Content – The name of the parameter (e.g., debug, token, env) to remove from the request

If a request includes the defined path and contains the specified argument, that argument is silently removed.

⚙️ How to Add a Rule

1. Navigate to Security Rules > Remove Request Value

2. Click Create Redactable Argument

3. Fill in:

   • Enter Page Path: the full or partial URL where the rule applies

   • Enter Argument Content: the parameter name to strip

4. Click Redact / Red Et

5. The argument will be removed from all future requests to that path

✅ Example

Request Before: GET /submit?email=test@example.com&debug=true

Rule:

• Page Path: /submit

• Argument Content: debug

Request After: GET /submit?email=test@example.com → debug parameter is removed

🔐 Why It Matters

Removing unnecessary or dangerous parameters helps:

• Prevent abuse of undocumented features

• Eliminate developer/debug switches from production

• Clean up noisy or irrelevant input before processing

🎯 Remove Request Value ensures clean, secure, and predictable request handling — directly at the edge.

📘 Overview

The Block URL Path module allows you to block access to specific URL paths on your site. Any incoming HTTP request that matches the defined path will be instantly blocked — regardless of its headers, parameters, or IP address.

🛠️ How It Works

You provide a full or partial URL path, such as:

• /admin

• /private/data.json

• https://yourdomain.com/debug

Once saved, all requests to that exact path will be blocked before reaching your backend.

⚙️ How to Add a Blocking Rule

1. Go to Security Rules > URL Path Blocking

2. Click Block URL Path

3. Enter the full or partial path to be blocked

4. Click Block

5. The rule is instantly enforced

📋 Example Use Cases

• Block access to /admin or /debug pages

• Block file downloads from /backup.zip

• Block access to hidden or deprecated directories

🔐 Why It Matters

Blocking unused or sensitive paths helps protect:

• Admin panels

• Development environments

• Exposed data files

• Misconfigured routes

This is a quick and effective way to reduce your visible attack surface.

🎯 Block URL Path offers an easy way to disable public access to risky paths without needing to change application code or server configurations.

📘 Overview

The Exclude Directory from Protection module allows you to bypass all active ShieldsGuard security mechanisms (WAF, rate limiting, filtering, etc.) for a specific directory path.

This is useful for public, static, or third-party resources that may not function properly under strict protection.

🛠️ How It Works

You define:

• Directory Path (e.g., /uploads, /public/images, https://yourdomain.com/assets/)

Once added, all requests to that path and its subpaths are excluded from protection and forwarded directly to your origin server.

⚙️ How to Add an Excluded Directory

1. Navigate to Security Rules > Exclude Directory

2. Click Specify Directory to Exclude from Protection

3. Enter the full path of the directory

4. Click Exclude from Protection

5. All traffic to that directory will now bypass ShieldsGuard security logic

✅ Example Use Cases

• Static file directories (JS, CSS, fonts, images)

• File upload areas with large payloads

• Public folders for client download access

⚠️ Important Notes

• No security filtering will apply to excluded directories

• Use only for safe, public, and static content

• Avoid excluding sensitive areas such as /admin, /api, or dynamic logic handlers

🎯 This feature is designed for performance and compatibility — only use it where security impact is minimal.

📖 Overview

The Access Log module in ShieldsGuard gives you real-time visibility into every single HTTP request received by your protected site. Unlike the Security Log, which only shows suspicious or blocked events, the Access Log displays a complete timeline of all traffic — regardless of whether the request was allowed or not.

This tool is essential for:

• Traffic analysis

• User behavior tracking

• Request debugging

• Service monitoring

🧠 What You Can See

Each entry in the Access Log includes:

🔍 Advanced Filtering Options

The Access Log includes a powerful filter bar to quickly narrow down logs based on:

• IP Address

• URL or path fragment

• HTTP Method (GET, POST, etc.)

• Status Code (e.g., 200, 403, 500)

• User-Agent

• Time Range

Use these filters to:

• Investigate unusual spikes in traffic

• Identify error-generating endpoints

• Track specific users or bots

• Analyze how visitors interact with your application

📈 Real-Time Analytics

The right-hand panel provides live statistics, including:

• Current Requests Per Second

• Most Visited URLs

• IPs making the most requests

• Distribution of HTTP Status Codes (Success vs Errors)

⚡ Live data updates in a 10-minute window. Use this view to detect bursts of activity or service pressure instantly.

📋 Use Case Scenarios

🛠️ Tips

• Combine Access Log with Security Log to correlate attack attempts with successful access.

• Use the Advanced Search to trace individual sessions across different routes.

• Monitor frequently requested but invalid URLs to identify potential probing behavior.

📌 Notes

• Logs are stored with timezone-aware timestamps.

• Only the most recent data (last 10 minutes) is shown by default. For historical data, use date range filters.

• Export options may be available depending on your ShieldsGuard license level.

🎯 Use Access Log for operational insight, usage visibility, and technical diagnostics. It is your always-on recorder of everything that reaches your infrastructure — whether benign or suspicious.

📖 Overview

The Logs section in ShieldsGuard provides real-time and historical visibility into all incoming traffic and security events across your protected applications.

With powerful filtering, search, and categorization capabilities, this section allows you to:

• Monitor all request activity to your website

• Investigate malicious behavior and blocked threats

• Conduct forensics and incident response

• Track behavioral patterns of users and attackers

📊 Log Categories

The log system is divided into two focused modules:

🔍 5.1 Access Log

Track every single request made to your site, including:

• IP address

• URL path

• Request method (GET/POST/PUT/...)

• Status code (200, 403, 404, 503, etc.)

• User Agent

• Timestamp

Ideal for:

• Identifying traffic trends

• Debugging routing or frontend issues

• Auditing general request flow

See Access Log →

🛡️ 5.2 Security Log

Displays only filtered, blocked, or flagged activity, including:

• Brute-force attacks

• SQLi/XSS/JITP pattern detections

• DDoS mitigations

• WAF or custom rule triggers

• IP-based blocks

Ideal for:

• Analyzing blocked threats

• Validating protection effectiveness

• Conducting post-incident investigations

See Security Log →

📅 Log Filtering Features

All logs are fully filterable by:

• Date and time range

• IP address

• URL path

• HTTP method

• Attack type (for security log)

• User-Agent

• Status code

Logs can also be exported or reviewed in real time for immediate response and situational awareness.

⚙️ Use Cases

🎯 ShieldsGuard Logs provide transparency, traceability, and visibility into every corner of your website’s traffic — empowering you to investigate, understand, and defend with confidence.

📖 Overview

The Asset Management module is the heart of your external surface visibility. It provides a centralized dashboard that continuously tracks, catalogs, and monitors the digital assets you own — including domains, subdomains, associated technologies, ports, IPs, and metadata.

Whether you're managing a single website or a complex infrastructure with dozens of services, this module gives you the visibility needed to secure your perimeter.

📊 What You Can See

Summary Cards:

• Total Asset (Domain) – Number of discovered domains/subdomains.

• Technologies – Total count of unique technologies detected across assets.

• Critical Vulnerabilities – How many unresolved, high-risk findings exist.

Statistics Panels:

• Asset Statistics – Radar chart showing distribution of technologies, ports, and asset counts.

• Vulnerability Statistics – Visual classification of detected issues by severity (Critical, High, Medium, Low, Info).

🔍 Domain Detail Breakdown

Each domain entry provides a comprehensive technical and security profile. You can expand it to view:

1. 🌐 General Information

• IP address & Port

• Protocol used (HTTP/HTTPS)

• ASN & ISP ownership

• Abuse score

• Country and geolocation

2. 🧩 Technologies

• CMS platforms (e.g., WordPress, Plesk)

• Libraries and frameworks (Bootstrap, Elementor, Google Fonts)

• Server stack (PHP, MySQL, NGINX)

3. 🧾 HTTP Headers

• Full response headers (security headers, cache controls, cookies)

4. 🔐 SSL Information

• Certificate issuer, subject, expiration dates, cipher strength

• SSL health based on scan engine (e.g., TLS 1.2, weak ciphers)

5. 📡 DNS Panel

• A/AAAA/MX/CNAME/NS/TXT records

• SPF, DKIM, DMARC validation

• DNSSEC validation state and change logs

6. 🆔 WHOIS Information

• Domain registrar

• Expiration & creation dates

• Raw WHOIS output

✅ This level of insight allows you to monitor your assets not just by IP or hostname, but by actual risk, technology, exposure, and ownership.

🔍 Search & Filter

You can search and filter assets by:

• Domain name

• Technology used (e.g., PHP, WordPress, React)

• Open port (e.g., 80, 443)

This helps isolate vulnerable or misconfigured environments, or group assets by technology stack.

🔐 Why It Matters

Without visibility, you can't protect what you don't know you have.

The Asset Management module helps:

• Detect shadow IT (unknown domains or services)

• Prevent tech stack sprawl and unmanaged exposure

• Monitor changes in infrastructure over time

• Serve as a foundation for vulnerability assessment

🧠 Use Cases

⚙️ Best Practices

• Run asset discovery scans on a regular schedule (e.g., weekly).

• Review port usage to detect unexpected exposures (e.g., non-standard ports).

• Monitor for newly added technologies that increase your attack surface.

• Combine with Vulnerability Scan (6.3) for actionable insights.

🎯 ShieldsGuard’s Asset Management doesn’t just give you a list — it builds a living, evolving picture of your digital perimeter. Know your assets. Reduce your risk. Secure with confidence.

📖 Overview

The Asset Management section is where you can track, analyze, and evaluate the external surface of your digital infrastructure. ShieldsGuard actively scans your domains, subdomains, technologies, and open ports — building a complete picture of your environment and its exposure.

This section consists of three functional modules:

• 6.1 Asset Management – Centralized view of domains, ports, and technologies

• 6.2 Network Topology – Visual mapping of interconnected nodes and services

• 6.3 Vulnerability Scan – Detection and classification of security weaknesses

🔎 This section allows you to monitor what you own — and ensure nothing is exposed without your awareness.

📖 Overview

The Security Log module in ShieldsGuard provides a dedicated view of security-related events — including blocked threats, monitored attacks, WAF rule triggers, brute-force attempts, and behavioral anomalies.

Unlike the Access Log, which shows all requests, the Security Log focuses only on suspicious, malicious, or policy-violating activity. It’s your go-to dashboard for investigating real threats and validating that ShieldsGuard is actively protecting your system.

🔍 What It Captures

Each entry in the Security Log includes:

🎯 Common Attack Types Logged

🧪 How to Use

• Investigate incidents: Search by IP, attack type, or URL to locate threats.

• Validate rule effectiveness: Ensure WAF rules and behavior protections are firing as expected.

• Correlate actions: Trace security events in combination with Access Log entries from the same IP or time range.

• Audit protection logs: Show proof of blocked or mitigated attempts for compliance/reporting.

🔍 Filtering & Search Capabilities

You can narrow the Security Log by:

• Date range

• URL Address

• Attack Type

• Operation Type (Monitored / Blocked)

• IP Address

All results can be expanded for detailed insight, including exact payloads, headers, and triggered security rules.

📋 Use Case Scenarios

🔐 Best Practices

• Review this log daily during high-risk periods (campaigns, launches).

• Cross-reference with your WAF configuration to optimize rule coverage.

• Use IPs found here to enrich your blacklist or inform your threat feeds.

• Enable notifications or alerts if your plan includes real-time webhook/report integration.

🧠 Why It Matters

Security Log provides evidence that ShieldsGuard is actively defending your infrastructure, giving you visibility into threats that were:

• Mitigated automatically

• Blocked before execution

• Detected and monitored (for behavioral learning)

🎯 The Security Log is your battlefield journal — it records every blocked attempt, monitored anomaly, and protected moment. It’s where real cyber defense becomes visible.

📖 Overview

The Network Topology module offers a visual and interactive map of your entire internet-facing infrastructure. It illustrates the relationships between your domains, IP addresses, technologies, ports, and vulnerabilities in real-time — enabling you to understand your attack surface as a connected structure, not just a list.

🧠 Think of this as a cybersecurity radar that shows how all your digital assets are linked, and where your weaknesses may lie.

🧩 What It Displays

🧱 Nodes:

Each node represents an entity in your infrastructure:

• Domain or subdomain (e.g., app.yourcompany.com)

• IP Address

• Open port or protocol (e.g., 443/HTTPS, 21/FTP)

• Technology in use (e.g., PHP, MySQL, WordPress)

• Associated vulnerability (if found)

🔗 Connections:

Lines between nodes show direct associations such as:

• Domains resolving to IPs

• IPs running services on specific ports

• Ports linked to technologies or risk factors

🎨 Node Indicators:

Each node is color-coded based on its type or threat level:

• 🔵 Domain

• 🟠 IP Address

• 🔴 Critical Vulnerability

• 🟡 High Risk

• 🟢 Safe

• ⚫ Unknown/Other

🖥️ Interactive Features

• Zoom & Pan — Explore the map freely or fit to screen

• Filter Nodes — Search by domain, IP, or vulnerability

• Layout Options — Switch between graph models (e.g., CoSE, Circle, Grid)

• Export — Download your topology as a PNG for reports or auditing

• Node Detail Panel — Click any node to view:

  • Associated ports

  • Technologies

  • Resolved IP

  • Detected vulnerabilities

🛠️ Why It Matters

Traditional asset lists can’t show how things are connected — and attackers exploit relationships.

This view helps you:

• Detect exposed nodes with shared risk

• Identify forgotten or shadow systems still reachable

• Spot single points of failure or shared infrastructure risk

• Understand potential pivot paths in case of breach

🔍 Example Scenarios

⚙️ Best Practices

🎯 The Network Topology module turns your digital surface into a visual map of risk. Not only will you see what’s online — you’ll see what’s connected, and what needs to be secured.

📖 Overview

The Subdomain Manage module allows you to create, configure, and monitor your subdomains with the same level of control and protection as your main domain.

You can manage DNS integration, toggle HTTPS redirection, and apply ShieldsGuard’s proxy security — all from a single dashboard.

🛡️ Subdomains often serve as entry points for attackers. Managing them effectively ensures that your entire domain hierarchy is secured, not just your root domain.

⚙️ Key Functions

✅ Subdomain Listing

Each row in the interface shows:

• Subdomain Name (e.g., login.yourdomain.com)

• DNS Label (e.g., login)

• Proxy Status (ACTIVE / INACTIVE)

• HTTPS Redirection (toggle)

• Resolved IP Address

• Action Buttons (Create / Manage / Delete)

🛠️ How to Create a Subdomain

1. Ensure your DNS records include an A record pointing the subdomain to the correct IP.

2. Open the Subdomain Manage module.

3. Locate or define the subdomain you wish to configure.

4. Click Create to activate ShieldsGuard’s edge protection and monitoring for that subdomain.

⚠️ If a subdomain does not appear, it may be missing from your DNS configuration.

🔄 HTTPS Redirection

You can enable HTTPS enforcement for any subdomain individually. This ensures:

• All http:// traffic is redirected to https://

• SSL certificates (ShieldsGuard-managed or custom) are applied

• Secure, encrypted connections are enforced site-wide

🧱 Proxy Status

Toggle ShieldsGuard protection per subdomain:

• ACTIVE → All traffic passes through ShieldsGuard's protection engine (WAF, DDoS, IP filtering)

• INACTIVE → Traffic bypasses ShieldsGuard and goes directly to the origin server

✅ Keeping the proxy enabled is recommended to ensure security policies are applied consistently.

🧨 Manage vs Delete

• Manage – Open detailed configuration and analytics for that subdomain

• Delete – Remove ShieldsGuard management and protection (does not delete DNS record)

📋 Use Cases

🔐 Best Practices

🎯 Subdomain Manage ensures that every endpoint under your domain is actively protected, encrypted, and visible to your security team.

📖 Overview

The Vulnerability Scan module provides real-time detection, classification, and visibility into the known and potential security weaknesses across your entire digital surface.

This system continuously analyzes exposed services, technologies, protocols, and configurations to identify vulnerabilities — then ranks them by severity so you know exactly what to fix, and where.

🚨 ShieldsGuard helps you stay ahead of attackers by showing what they see before they exploit it.

🔍 What It Scans

• Web application stack (WordPress, PHP, Plesk, etc.)

• SSL/TLS configuration and certificate health

• HTTP headers and content security policies

• Open ports and exposed services

• Publicly accessible endpoints

• CMS plugin versions

• Protocol vulnerabilities and misconfigurations

• Missing or misconfigured DNS and email security

🎯 Severity Levels

All findings are categorized using a clear, color-coded system:

Each severity level helps prioritize remediation based on real-world impact.

📋 Vulnerability Detail

Every finding includes:

• Affected domain and URL

• Risk level (color and label)

• Vulnerability type or CVE (if applicable)

• Description of the issue

• Discovery method

• Exact URL or port

• Suggested resolution

• Timestamp

• Quick access to “View” for more details

🧠 Example Findings

📈 Dashboard Features

• 📊 Risk Score Gauge — Visual snapshot of risk posture

• 📑 Security Findings Table — Fully filterable by severity or domain

• 🧮 Vulnerability Histogram — Severity-wise chart

• 🔍 Domain Filter — Narrow scope by subdomain or asset

• 📤 Export Capabilities — Download reports for audits or incident response

⚙️ How to Use It Effectively

🔐 Best Practices

• Integrate scans into your change and release cycle.

• Treat HIGH and CRITICAL findings as blockers in CI/CD.

• Review LOW/INFO items regularly for hygiene improvements.

• Use scan results to update your WAF, IP filters, and rules.

🎯 ShieldsGuard Vulnerability Scan is your early warning system — detecting what could be exploited before attackers do, and giving you a prioritized, actionable plan to fix it.

📖 Overview

The Access module in ShieldsGuard allows administrators to control and restrict incoming traffic based on geolocation, Internet Service Providers (ISP), and ASN (Autonomous System Number). It functions as a policy engine to regulate who can reach your system based on where they come from and who provides their connection.

This module is essential for:

• Blocking high-risk geographies

• Allowing only selected ISPs

• Reducing noise from unwanted regions or anonymous networks

• Enforcing compliance and regional access policies

📌 Access Control Methods

Access rules in this module are divided into three powerful and independent filters:

🗺️ 7.1 Block Country Entry

Purpose: Block or allow access based on the visitor's country.

Functionality:

• Select countries from a dropdown list.

• Add them to your block list or allow list.

• Traffic from blocked countries is denied immediately at the edge.

Use Cases:

• Block regions associated with botnet traffic.

• Enforce geopolitical or compliance boundaries.

• Allow only specific country-level user bases (e.g., national infrastructure).

🌐 Geolocation is determined by IP — updated via public geo-IP databases.

🛰️ 7.2 Permission by ISP Provider Name

Purpose: Allow or block access based on the ISP name (e.g., Turk Telekom, Comcast, China Telecom).

Functionality:

• Enter ISP names as they appear in resolved IP data.

• Apply rule to allow only trusted networks or block known problematic ones.

Use Cases:

• Restrict access to enterprise-level traffic from known commercial providers.

• Block residential proxies or cloud ISP abuse sources.

• Whitelist research institutions or infrastructure providers.

#️⃣ 7.3 Authorization by ISP Provider Number (ASN)

Purpose: Enforce access control at the Autonomous System Number (ASN) level — the unique identifier assigned to ISPs and large network blocks.

Functionality: