Skip to content

Profiles

Open Network configuration > Profiles.

Profiles are ready-made protections for common server use cases, including game servers.

ColumnMeaning
ProfileThe protection name.
ValueA setting the profile needs, usually a port number.
AboutWhat the profile does and when to use it.
StatusWhether the profile is enabled or disabled.

Drops packets that pretend to come from private, loopback, or link-local IPv4 ranges.

Use it when:

  • The interface is public-facing.
  • The server should not receive private-source internet traffic.

Avoid it when:

  • The server is used inside a private LAN.
  • Private networks must reach services on this interface.

Allows website traffic on ports 80 and 443 only from Cloudflare IPv4 proxy ranges.

Use it when:

  • Your website uses Cloudflare proxy mode.
  • Visitors should connect through your domain, not directly to the server IP.

Avoid it when:

  • You do not use Cloudflare proxy mode.
  • Direct access to ports 80 or 443 is required.

Temporarily blocks clients that send unusually high-volume website traffic.

This profile protects HTTP, HTTPS, and HTTP/3-style QUIC traffic on your selected ports. It is useful when a small number of sources are sending too much traffic and you want LetSecure to slow them down before the web server has to handle the packets.

Input:

InputWhat to enter
HTTP portThe port used for plain HTTP. Default is 80.
HTTPS portThe port used for HTTPS and QUIC. Default is 443.

Use it when:

  • Your website is public and receives bursts from abusive clients.
  • You want a simple rate-limiting profile for web ports.

Avoid it when:

  • Your website legitimately receives very high traffic from a small number of IPs.
  • You need application-level request rules, such as path-based or login-specific limits.

Keeps your website reachable during sudden traffic floods.

When attack traffic spikes, LetSecure temporarily limits unknown new visitors on your web ports while allowing recently active visitors to keep browsing. This is native XDP protection, so it works before traffic reaches your web server.

Input:

InputWhat to enter
HTTP portThe port used for plain HTTP. Default is 80.
HTTPS portThe port used for HTTPS. Default is 443.
New connectionsHow many new web connections are allowed during the window.
Window secondsThe time window used for the connection threshold.
Lockdown secondsHow long unknown new visitors are limited after the threshold is crossed.
Trusted secondsHow long recently active visitors stay trusted.

Use it when:

  • Your website must stay available during traffic floods.
  • You want established visitors to have a better chance of staying connected.
  • You need host-level protection even before the web server or reverse proxy responds.

Avoid it when:

  • You need full HTTP request inspection. HTTPS requests are encrypted before they reach XDP, so this profile tracks connection behavior, not page URLs.
  • Your site frequently receives large legitimate bursts of new visitors and you have not tuned the threshold yet.

Drops high-rate new SSH connection attempts and temporarily blocks abusive IPs.

Input:

InputWhat to enter
SSH portThe port your SSH server uses. Default is 22.

If SSH uses another port, enter the correct port before enabling the profile.

Allows SSH connections only from one selected IPv4 address or CIDR and drops other IPv4 TCP traffic to the selected SSH port.

Input:

InputWhat to enter
Allowed IPv4/CIDRThe source IP address or subnet that may open SSH.
SSH portThe port your SSH server uses. Default is 22.

Keep a provider console or another access path available before enabling an SSH access rule.

  1. Disable the profile.
  2. Change the value.
  3. Enable the profile again.
  4. Test the service.