Securing a 20,000+ Site PBN with
Custom WAF & Dedicated Power
How Middlehost consolidated 40 unstable VPS instances into a high-performance dedicated cluster with a purpose-built HAProxy WAF.
Background
NavTech operates Backlinkhuber.com, managing a massive Private Blog Network (PBN) of approximately 20,000 websites. In the highly competitive SEO industry, maintaining 100% uptime is critical for ranking stability and client trust.
Before moving to Middlehost in January 2023, NavTech was struggling with a fragmented infrastructure spread across 40 high-end VPS instances from another provider, each ranging from 8GB to 16GB of RAM.
The Challenge
The primary issue wasn't just scale, but targeted aggression and massive bot traffic. NavTech faced several critical challenges:
- Frequent Downtime: Competitors frequently launched heavy attacks, causing the VPS instances to crash regularly.
- Bot Traffic Management: A significant portion of the traffic was from bots like Ahrefs and SEMrush. While these bots are integral to NavTech's business, their aggressive crawling patterns often led to resource exhaustion and server instability.
- Resource Fragmentation: Managing 40 separate high-end VPS instances created massive administrative overhead and inconsistent performance.
- Slow Load Times: Under heavy load or attack, the websites became sluggish, negatively impacting SEO performance.
The Solution
Middlehost engineered a multi-layered defense and consolidation strategy. Instead of blocking essential SEO bots, we implemented an intelligent throttling solution that allowed Ahrefs and SEMrush to continue their work without compromising server stability.
Consolidation to Managed Dedicated Servers
We proposed moving NavTech from their fragmented VPS setup to multiple high-performance Managed Dedicated Servers. This provided the raw power needed to handle 20k+ sites while simplifying management.
By moving to bare metal, NavTech gained full access to hardware resources, eliminating the "noisy neighbor" effect and providing a stable foundation for their entire network.
Purpose-Built WAF Architecture
To combat the targeted attacks, we developed a custom Web Application Firewall (WAF) module. We deployed multiple separate VPS instances to act as a security layer in front of the dedicated servers.
WAF Technical Stack
Based on HAProxy with a custom UI built in Laravel, the WAF provides:
- Intelligent Throttling: Rather than blocking essential SEO tools, the WAF throttles requests from bots like Ahrefs and SEMrush based on several custom pointers, ensuring they remain operational without overloading the servers.
- Pattern Blocking: Instant blocking of known malicious signatures and aggressive competitor-led attacks.
- IP Whitelisting: Critical endpoints like
wp-adminandxmlrpc.phpwere restricted to the client's office IPs for absolute security. - Isolated Protection: By running on separate machines, the WAF stays operational even if the webservers are under heavy load.
Enterprise Monitoring Stack
We integrated NavTech's infrastructure into our internal monitoring stack based on Prometheus and Grafana. This allows our team to monitor server health, traffic patterns, and attack attempts in real-time.
Our team receives instant alerts for any anomalies, allowing us to adjust WAF rules and server configurations before the client even notices a potential issue.
The Results
A more secure, stable, and cost-effective infrastructure for one of the largest PBNs in the industry.
Consolidating 40 VPS into multiple dedicated servers cut monthly infrastructure costs in half.
The custom WAF successfully throttles and blocks aggressive competitor attacks.
Perfect uptime and fast loading speeds across the entire Private Blog Network.
Technologies Powering NavTech
Facing Infrastructure Challenges?
Whether you're managing a massive PBN or a single high-traffic application, our experts can design a secure, scalable solution tailored to your needs.