Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.osto.one/llms.txt

Use this file to discover all available pages before exploring further.

Once added and DNS-pointed, every request to them flows through Osto for inspection before reaching your origin.
Path: Assets → Domains → Manage Domains

The domain list

The Manage Domains page shows every domain you’ve registered with these columns:
ColumnWhat it shows
FQDNThe full domain name (e.g. api.example.com).
Updated AtTimestamp of the last configuration change.
Website NameFriendly name for the website (auto-derived from the FQDN by default).
StatusCurrent state — draft, active, etc. New domains start as draft until DNS is pointed and traffic is flowing.
Firewall ModePer-domain toggle: Detect Mode (observe and log only) or Prevent Mode (actively block).
ActionsEdit (pencil) and Delete Website affordances.
The top-right WAF Details button surfaces protection summaries.

Firewall Mode — Detect vs. Prevent

Each registered domain has a Firewall Mode toggle directly in the table. This controls how Osto handles malicious requests it identifies:
  • Detect Mode — Osto inspects every request and logs anything suspicious, but does not block. Use this when onboarding a new domain so you can review what Osto would have blocked before going live.
  • Prevent Mode — Osto inspects every request and actively blocks anything malicious. This is the production setting.
Recommended onboarding pattern: start in Detect Mode for the first few days, watch Logs → Web App for false positives, then flip to Prevent Mode once you’re confident the policies are correctly tuned.

Adding a Website or Subdomain

The same flow handles root domains and subdomains alike. It’s a two-step wizard.

Step 1 — Domain, origin, TLS & CDN

1

Open the Add Website dialog

Go to Assets → Domains → Manage Domains and click Add Website +.
2

Enter and verify your domain

In the Domain Name field, enter the domain (e.g. example.com or app.example.com) and click Verify. On success you’ll see “Domain verified successfully” with a green check.
3

Configure origin servers

The form expands with two Server IP or LB Domain fields. Suggested origin IPs appear as chips below each — click a chip to fill, or type your own. Use both fields for high availability; use only the first for a single-origin setup. For multiple IPs in one field, separate them with commas.
4

Set TLS version

Multi-select dropdown. Defaults to TLS 1.2 + TLS 1.3 (shown as “2 selected”). TLS 1.1 is available but off by default.
5

Select CDN usage

Choose your CDN if your site sits behind one — Osto adjusts request-header handling so client IPs and other forwarded metadata are interpreted correctly. Options: Not Using CDN, AWS CloudFront, Google Cloud CDN, Azure CDN, Others.
6

Proceed to certificate setup

Click Next to move to certificate setup.

Step 2 — Certificate Configuration

This is where Osto figures out which TLS certificate to present to clients hitting your domain. You have two paths: Leave Auto-generate certificate checked. Osto provisions a free SSL certificate on your behalf using industry-standard ACME validation. To prove you own the domain, you add one CNAME record at your DNS provider:
FieldValue
TypeCNAME
Name_acme-challenge.<your-domain> (shown in the dialog with a copy button)
Valuethe target shown in the dialog — use the copy button
TTL60
After adding the record, wait a few minutes for DNS to propagate, then click Verify CNAME Record. Once verified, Osto issues the certificate and the domain moves out of draft.

Option B — Bring your own certificate

Uncheck Auto-generate certificate. Two sub-options appear:
  • Select Certificate — dropdown listing every certificate you’ve already uploaded under Manage Certificate. Pick the one whose Common Name covers your domain.
  • Certificate Archive (ZIP) — drag-and-drop a .zip file containing the certificate and private key, or click to browse.
The ZIP must contain valid certificate files (.crt, .pem) and private key files (.key, .pem).
Click Next to finish. The uploaded certificate also appears in Manage Certificate for future reuse.

Step 3 — Point your DNS

Once the dialog closes, the domain appears in the list with status draft. The final step is at your DNS provider:
  • Update the domain’s A record to the Osto IP shown after Save.
  • Set TTL to 600 seconds for fast propagation.
Status flips from draft to active once Osto observes traffic flowing through.

Editing a Website or Subdomain

Click the edit (pencil) icon on the row. The dialog opens directly to the Step 1 form with your existing values pre-loaded — you can update origin IPs, TLS versions, or CDN usage and click Save. To change a domain’s Firewall Mode, click the Detect Mode or Prevent Mode button directly in the row — no need to open the edit dialog.

Deleting a Website or Subdomain

Click Delete Website on the row and confirm.
A parent domain can’t be deleted while it still has registered subdomains — delete the subdomains first. After deletion, traffic to that domain bypasses Osto until you also revert the DNS A record at your provider.

What happens after a domain is active

  1. Every request hits Osto first.
  2. Attack Detection runs (TLS, protocol, headers).
  3. Advanced checks (OWASP, DDoS, bot mitigation) inspect the request body and behavior. Whether they block or merely log depends on Firewall Mode.
  4. Clean requests forward to your origin; malicious ones are blocked (in Prevent Mode) or recorded (in Detect Mode).
  5. Findings stream into Logs → Web App Logs and into the Compliance Engine as evidence.