Lessons from the most demanding users of WEDOS Global Protection


Over the past year, WEDOS Global Protection has come a long way. Thanks to feedback from testers, customers and interested professionals, we have taken it to a completely different level. From pure cyber protection that protects every website, we have gradually crafted a service that can also use the web CDN cache to significantly speed up the customers’ websites. However, the biggest challenges were brought to us by the most demanding users of the WEDOS Global Ultimate plan.

We are a government and we need to operate under our own ASN

At the turn of May and June 2023, we went to the USA to present our WEDOS Global infrastructure at one of the most important events in the world, CloudFest USA. We definitely did not fit in with the other exhibitors. We wanted to show that even a company from Europe can build a global infrastructure capable of protecting websites from current and future cyber threats.

At the event, our boss Josef Grill and our sales director Vendula Králová gave a talk about how we built WEDOS Global and what our ambitions are. This drew a lot of attention, and by the end of it, our boss was surrounded by a group of curious listeners. He likes to talk, so we let him. 🙂

But when he didn’t come back even after a few hours, we started to worry…

A representative of an organization that protects one state (5 times larger than the Czech Republic) overheard his talk. He spoke to our boss afterward, explained his position and suggested that he give it a try. You can try WEDOS Global Protection free of charge and obligations within the trial version for 15 days.

The next day, he came running to our booth all excited and said that he liked WEDOS Global, and that we are (in many ways) better than their current supplier, who offers similar services and is among the best known in the world. They would certainly give us a chance, but we have to offer them something that no one else in the world is doing yet (they asked for a lot). They were interested in our entire system, but under their ASN.

Our boss said it wasn’t a problem.

What is ASN?

Think of ASN as a unique identification number that allows individual network systems – or Autonomous Systems – to appear and communicate in the global Internet community.

Each ASN is assigned to a specific group of network routes that are managed by one or more organizations. This number is the key to efficient and secure routing of data packets over the Internet.

By using ASNs, network systems can collaborate, share information efficiently, and create a robust and interconnected digital world of the Internet. ASN is therefore not only a technical tool, but also a symbol of connection and cooperation in the digital age, where each network contributes to the greater whole and opens the door to endless possibilities for innovation and progress.

Our boss saw great potential in it. He has enough technical knowledge to know that this is theoretically possible, because he was at the birth of the Czech Internet and at that time he built the number one Czech hosting company on the market, which he later sold, from scratch.

All he had to do then was explain it to the team responsible for the development of WEDOS Global and the networkers. Everyone had a lot of questions, but when you break down a big task into small steps and explain all the ambiguities, nothing is impossible.

And so today, within WEDOS Global Ultimate, you and your customers can be protected under your ASN, your IP addresses and DNS, where the name servers contain your own domain. There is no mention of WEDOS anywhere. 😉

We are a large corporation and we need to have an overview of what you are actually blocking

OurTO DO list also contains statistics for the WEDOS Global Protection service. Currently, the administration only has a summary of some basic data, but we are registering and evaluating so much more of it, including the nature of various types of attacks. In the future, we want to share them with users as well, but the development of comprehensive and clear statistics is challenging and our developers currently have other priorities.

However, if a large multinational corporation comes to you saying they like the service, but their IT department needs to see what exactly is being blocked at the application layer, how difficult would it be to do that?

Fortunately, we have skilled colleagues in the team who can prepare very nice reports in Grafana for demanding customers with Ultimate. They were already doing reports for our service with dedicated performance – WMS right in the Grafana interface. Everything was ready within a few days.

The reports pull data directly from our logs and are not intended for ordinary users, but for experienced IT workers who have experience with cyber security.

This moved us forward by a lot, mainly because we understood that without detailed reports and messages for selected customers who are happy to pay for the work of specialists, it will not work in the future. Also for this reason, two new data analysts expanded our team at the end of 2023.

We are a bank and we don’t want you to see our traffic

After Russian hacktivists attacked Czech banks at the turn of August and September 2023, several people from their IT department contacted us asking about our solution. From the beginning there was a problem with the price (you are too cheap, therefore your service can’t be good), which was the main problem of the management of financial institutions. They would rather have overpriced gadgets from large companies that don’t even focus on cyber security.

On the contrary, those who understand IT know that tens of millions of gadgets, where filtering is often handled manually, are not the solution, and that a big name in the field of providing telecommunication services does not equal quality defense against attacks. We had several hours’ worth of calls where we presented what we do and how we do it.

Probably the biggest snag was that even though the last attacks on banks went through the application layer (L7), they were not very interested in this protection. Conversely, everyone is afraid of traditional volumetric L3/L4 brute force attacks. Most believed they could handle L7 on their own and only needed the protection of L3/L4. We didn’t really think about that during the design.

The problem with L7 protection is that you have to see the actual traffic. Only then can you evaluate each individual request, whether it is an attack or not. If the bank were to deploy our solution and we could see everything, we would basically see all the communication between the bank and its customer. That scared them a little.

So we came up with a proposal that it would be possible to filter only L3/L4 and turn on L7 only in the event of an attack. At the same time, switching the L7 on can be either automatic or manual. They considered this to be an acceptable compromise, so they decided to gradually start testing our solution.

This requirement has taken the entire WEDOS Global Protection service in the Ultimate tariff to a completely different level. For one, we were able to start offering purely L3/L4 protection against traditional volumetric DDoS attacks with the ability to trigger L7 as needed, but it also led us to selective L7 protection. For example, we can protect the entire public website completely and only protect the administration on request.

When we combine this with the new cache protection, your public web presentation is super fast all over the world, and at the same time attackers attack static content, which we return to them faster than other forms of protection (captcha, cookie redirection, etc.).


Although WEDOS Global Protection is presented as a service for every website from the smallest personal presentation to e-shops that you host on your own servers, and the low price corresponds to this, this does not mean that it is a “cheap” service. The price of the Start and Advanced variants comes from only using common filters, infrastructure and computing power. Everything is calculated for hundreds of thousands and millions of users.

On the other hand, there is the Ultimate variant, where prices start at 1,000 € without VAT per month. This is basically a tailor-made template for protection, caching, filtering and other custom settings on our specialized reverse proxy servers. You also pay extra for each additional custom item.

Do you want your own IP addresses? No problem! Want custom error pages? No problem! Do you want to cache absolutely all content in all locations and check every second if the website has been updated so that the cache can be updated as well? No problem! Do you want your own specialist who will monitor suspicious activity every day and get back to you with recommendations on how to improve security and prepare documents for authorities in the event of an incident? No problem, but it costs something. Human labor is especially expensive.

In the past, WEDOS avoided on-demand services, because we offered quality hosting for the widest possible customer base, and those who did not find their specific solution with us could go to the competition. However, it is precisely the individual services that pushed WEDOS Global Protection forward so much last year.

In addition, interest in customized WEDOS Global Protection is growing, and it is quite possible that in the future WEDOS Global Ultimate will be served by a separate department with individual support, marketing, and also dedicated data and security analysts.