In the Website field, enter the URL of the site to protect. The information about your site is then automatically filled in, including the IP address and the CNAME. If nothing appears, it means that your site doesn't exist or that DNS resolution could not be achieved.


A number of options are then offered to you with default values:

1. Force HTTPS redirection: 

If you want all incoming requests from your visitors to be in HTTPS, choose "Yes". 

In order to prevent from Man-In-The-Middle attacks, you can choose "Yes with HSTS", it will force browsers to connect in HTTPS to your website. 
includeSubdomains attribute applies this behavior to all of the site's subdomains as well.
preload attribute registers your domain in Google HSTS preload service, ensuring that browsers will connect to your domain in HTTPS.

2. Protocol between OGO and your origin server :

This is the communication protocol to be used between the OGO servers and your backend. If you have an SSL certificate on your backend, choose "HTTPS".

3. "Audit" mode :

The Audit mode allows you to simulate the functioning of the OGO solution without blocking malicious requests. The dashboard returns all the information as if the protection was activated: attacks are indicated as blocked but this is not the case.

4. Delete X-Forwarded headers :

HTTP X-Forwarded headers allow you to provide information about the origin of requests (such as the client's origin IP address, the port and protocol used, etc.) and forward it to your servers. By default, these headers are automatically added, but in some rare cases, you can choose not to have them forwarded by enabling this option.

5. Never check origin server certificate :

If HTTPS is activated between OGO and your backend, OGO checks the validity of your certificate. If your certificate is expired or is self-signed or generated by an unknown certificate authority, communication will be interrupted and your site will be inaccessible. Enabling the option will let you renew your certificate without interrupting communication.

Warning: this opens the possibility of a Man-in-The-Middle attack. It is recommended to use this option with caution.

7. Tags :

You can add tags on websites to retrieve them by tags.

By activating the "Passthrough" mode, the OGO protection is completely disabled. Requests are directly transmitted to your servers, no more analysis is done and no information will appear on your dashboard. Only the Let's Encrypt certificate management remains active.6. "Passthrough" Mode :

Once you have clicked on the "Save" button, your site status will automatically switches to "created and waiting for DNS switchover" mode, indicating that it is ready to be protected and that you only need to modify your DNS records to make the traffic pass through Ogo. An email is then sent to you with all the required information for the DNS switch.

Note: the switch may take up to 15 minutes to be visible on your Dashboard.


DNS Switch

Continue your reading with the DNS Switch article below.