Welcome to GatewaySentry Docs
These docs cover everything you need to protect your websites and servers using GatewaySentry. Whether you're just getting started or fine-tuning an existing setup, you'll find step-by-step guides and complete field references here.
New to GatewaySentry? Read the short intro below, pick which kind of protection fits your service, and follow the linked setup guide.
Already set up? Jump straight to the Documentation Index at the bottom of this page.
What is GatewaySentry?
GatewaySentry is an edge-based traffic protection platform. It sits between your users and your servers, inspecting and filtering traffic before it ever reaches your origin. The result is fewer successful attacks, less automated abuse, and better visibility into who's actually trying to use your service.
GatewaySentry offers two protection products:
- Web Protection — for HTTP and HTTPS web applications. Traffic is routed through GatewaySentry's anycasted network via DNS, and you control behavior with rich Flow Rules covering challenges, CAPTCHAs, rate limits, caching, and response shaping.
- Network Protection — for any TCP or UDP service (game servers, APIs, custom protocols). Traffic is routed through a dedicated staple IP, with packet-level firewall rules and a choice of proxy modes including reverse proxy and tunnels.
You can use either, both, or run multiple instances of each — one per service you want to protect.
Choose Your Path
Not sure which product is right for your service? Here's a quick side-by-side:
| | Web Protection | Network Protection |
|---|---|---|
| Best for | Websites and web APIs over HTTP/HTTPS | Game servers, custom TCP/UDP services, anything that isn't HTTP |
| How traffic reaches it | DNS CNAME/ALIAS record points to GatewaySentry's anycasted network | DNS or client connects directly to your dedicated staple IP |
| Origin setup required | None | None for basic Reverse Proxy; tunnel modes need a setup script |
| Rule type | Flow Rules (challenges, CAPTCHA, rate limits, caching, header rewriting) | Firewall Rules (Accept/Drop by direction, protocol, ports, IP, connection state) |
| Operates at | Application layer (HTTP) | Network layer (IP) |
Running both? If you have a website and a separate backend or game server, you can use Web Protection for the site and Network Protection for the backend. They're complementary, not exclusive.
"I want to protect my website"
- Follow Adding Web Protection to point your domain through GatewaySentry.
- Configure Flow Rules to define how traffic is challenged, filtered, and shaped.
"I want to protect a server or non-HTTP service"
- Follow Adding Network Protection to request a staple IP, pick a proxy mode, and activate. (If you chose GRE Tunnel mode, also see Setting Up Director.)
- Configure Firewall Rules to control which packets reach your origin.
Documentation Index
Web Protection
- Adding Web Protection — Create a Web Protection instance, configure your application's FQDN and origin, and set up the DNS record that points your domain at GatewaySentry's anycasted network.
- Web Protection Flow Rules — Full reference for every Flow Rule field, including challenge modes, Sentry strictness levels, JSC proof-of-work, Puzzle CAPTCHA, rate limits, block lists, redirects, edge caching, response headers, HSTS, and CORS.
Network Protection
- Adding Network Protection — Request a staple IP, choose a proxy mode (Reverse Proxy, Reverse Proxy + PROXY Protocol, GRE Tunnel, or FOU Tunnel), activate the proxy, and direct traffic to your staple IP.
- Network Protection Firewall Rules — Full reference for IP-layer firewall rules covering direction, protocol, ports, source/destination IP, connection state matching, and the default policy.
- Setting Up Director — Install and run Director, GatewaySentry's helper script for establishing the GRE tunnel between your origin and GatewaySentry's edge. Required when your staple IP is in GRE Tunnel mode.
Need Help?
If you can't find what you're looking for in these guides, please reach out to GatewaySentry Support.