About Deflect

Deflect is a distributed infrastructure built to mitigate DDoS attacks and keep your website accessible at all times.

Deflect Subprojects


Ansible playbooks to setup your own Deflect DDoS mitigation infrastructure, built on Debian 9

Auto Deflect

Ansible playbooks to setup your own Deflect DDoS mitigation infrastructure, built on Debian 7


Simple pubsub-based IP banning engine. Subscribes to a ban publisher, bans the IPs and then unbans them after a configured time period. Designed to work in concert with Banjax.


a system for collecting, storing, and calculating DDOS attack characteristics in order to build attack fingerprints and classify botnets.


A utility for bundling resources in web pages into a single page by inlining them using the data URI scheme. It is designed to be easy to use in all kinds of scenarios, ranging from ones where one simply wants to produce a web page with certain resources bundled to scenarios where one would like to proxy resource requests, include caching functionality, modify request headers, and more.


A service for proxying requests via bundler, with support for remapping based on host header and other features for encapsulating and providing access to bundled content.


Apache Traffic Server Plugin performing various anti-DDoS measures, including pattern-based banning, JavaScript browser challenge-responses, captchas and authenticated access to uncached sections of websites.


Edgemanage is a tool for managing the HTTP availability of a cluster of web servers via DNS. The machines tested are expected to be at risk of large volumes of traffic, attack or other potential instability. If a machine is found to be underperforming, it is replace by a more performant host to ensure maximum availability.


Learn2ban is a machine learning anti-DDoS tool. It uses support vector machines to learn about HTTP traffic access patterns and then use this information to determine when attacks and happening and how.


A tool for using the data generated by Learn2Ban to actively classify incoming traffic and use the generated classifications to determine whether user activity is a malicious bot or a legitimate access. Runs on edges in tandem with Banjax and Swabber. Soon to be reimplemented as part of Banjax.


Not strictly related to the Deflect system but part of the broader infrastructure - a system for automating the deployment of differential, encrypted, off-site backups.