Security that doesn't slow you down
CDN + attack protection is the standard today, not a luxury. Every 4hosting plan has basic anti-DDoS and optional Cloudflare integration with one click. For enterprise apps we add a WAF with OWASP Top 10 rules. Polish shops often face attacks on Black Friday — our customers ride through peak without losing a second of uptime.
CDN — global network available in 60 seconds
Cut page load from 800 ms to 80 ms with edge caching. CDN caches static assets (CSS, JS, images, fonts) in 300+ locations worldwide. For Polish clients: edge nodes in Warsaw and Frankfurt. Bonus: CDN cuts origin transfer costs by up to 80%.
300+ edge nodes
Global Cloudflare or bunny.net network. The Warsaw edge keeps Polish traffic under 15 ms.
Edge caching
Static assets cached at the edge. TTL controlled via Cache-Control headers.
Brotli + WebP
Automatic compression and image conversion. Pages weigh 40% less with no code changes.
HTTPS and HTTP/3
Automatic SSL with Let's Encrypt, HTTP/3 (QUIC) support. Better for mobile.
Anti-DDoS — layer L3 to L7
Every VPS and dedicated server has basic anti-DDoS included. For high-risk apps we offer advanced application-layer (L7) filters. Polish e-commerce on Black Friday and holiday season is particularly exposed — our infrastructure is sized for 10× standard peak.
Network and transport
Packet filtering at the IP/TCP level. We block UDP flood, SYN flood, ICMP flood before they reach the VPS.
Application layer
Protection against HTTP flood, Slowloris, Layer-7 bot attacks. Rate limiting per IP/region/path.
Bot detection
Identification of crawlers, scrapers and automation. Whitelisting for GoogleBot, Bingbot.
WAF — Web Application Firewall
The Web Application Firewall blocks common web app attacks — SQL injection, XSS, RCE. Rules aligned with OWASP Top 10, auto-updated. For WordPress we add special anti-bruteforce rules on wp-login.php. You can write custom WAF rules in the customer panel (ModSecurity rules).
- SQL injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Local File Inclusion (LFI)
- WordPress brute force (wp-login.php)
- Bot traffic shaping
- Geo-blocking per request
Cloudflare integration — step by step
Cloudflare integration takes 5 minutes. We do most steps automatically on your behalf. Works for any domain, whether you host only the site with us or your whole infrastructure.
Enable Cloudflare in the panel
In the customer panel, "Domains" → pick a domain → toggle "Cloudflare". We automatically create the resource in your Cloudflare account (or via our account).
Update nameservers
Cloudflare needs NS changes at your registrar. We show the exact values (e.g. liz.ns.cloudflare.com). Propagation: 1-24h.
Configure cache rules
Default cache rules are safe for most sites (static assets cached, dynamic bypassed). You can override per-path in the CF panel.
Enable WAF and Rate Limiting
Security section. Enable "OWASP Core Ruleset" (paranoia level 2 for most apps). Rate limiting: 100 req/min per IP to start.
Monitor for 7 days
Cloudflare Analytics shows traffic, blocked attacks, cache hit rate. If you see false-positive blocks, we help tune WAF rules.
SSL/TLS — full transport protection
HTTPS is the 2026 standard. We provide free Let's Encrypt certificates, but for business-critical apps we also offer EV (Extended Validation) certificates with legal company verification. All auto-renewed, no intervention required.
Let's Encrypt (DV)
Free automatic SSL for any domain. Renewed every 60 days. Sufficient for 95% of sites — including e-commerce.
EV — Extended Validation
Certificate with legal company verification. Browsers show the company name. Required by some banks and fintech. 290 PLN/year.
Wildcard SSL
One cert for *.your-company.pl. Ideal for agencies with client subdomains. Free via Let's Encrypt.
mTLS (mutual TLS)
Mutual certificate verification — client + server. For B2B APIs and partners. We configure with your help.
Monitoring, logs and security analytics
What's happening on your server and with your traffic? You don't guess — you get real-time visibility into logs, attacks and performance. All integrated with Prometheus and Grafana.
Real-time logs
Loki + Promtail collect logs from nginx, apps and firewall. Query in Grafana, alerts on anomalies. 90-day retention.
Security analytics
Cloudflare gives a dashboard for every blocked request, attack geo-map, top-N IPs. Export to your SIEM via Logpush.
Performance metrics
Core Web Vitals (LCP, FID, CLS) measured from real users via Real User Monitoring. We surface the specific files slowing your site.
Uptime monitoring
We check the site from 5 locations every 30 seconds. SMS and email on outages. Public status page for your customers (optional).
Frequently asked questions
Does Cloudflare require changing nameservers?
For full integration — yes. Cloudflare must manage DNS for traffic to go through their edge. Alternative: Cloudflare CNAME setup (Partial Setup) where only some subdomains route through CF. We help pick.
What if Cloudflare blocks a legitimate user?
You can review WAF logs, add IP/region to the allowlist, or adjust rule paranoia level. For recurring false-positives, we help optimize rules.
Can I use my own SSL cert (e.g. DigiCert)?
Yes. In the customer panel you upload cert + private key, we configure nginx/Apache. Also works with Cloudflare as origin cert.
Does WAF impact performance?
Cloudflare WAF runs at their edge, so latency is under 5 ms (rule checks). Local ModSecurity may add 1-3 ms per request — usually negligible.
Do you offer scraping protection?
Yes, via Cloudflare Bot Management (paid ~$50/mo at the Cloudflare level). Detects advanced bots via JavaScript fingerprinting. For simpler scraping — rate limiting and CAPTCHA on suspicious requests.
Enable CDN and WAF with one click
Every VPS and dedicated plan has an "Enable Cloudflare" toggle in the panel. Activation in 60 seconds. First 30 days with our WAF configuration free of charge.
See VPS plans →
