Skip to main content
1

Step 1: Add Your Domain to Kyvic

In your Kyvic Console, go to Services → Aegis → Protected Domains, then add the domain or subdomain you want to protect (for example, www.example.com).When adding your domain, you’ll need to tell Kyvic where your website is hosted. Enter your hosting’s static IP address (e.g., 123.45.67.89) or an existing hostname (e.g., my-server-hostname.com). You can typically find this information in the dashboard of your provider, whether it’s a traditional host (like GoDaddy, Bluehost, or Namecheap) or a cloud service (like Hetzner, AWS).Our platform will then provide you with the necessary DNS records for the next step.
2

Step 2: Configure Your DNS

This is the most important step. You’ll be pointing your domain’s traffic to the Kyvic Aegis network. Log in to your domain registrar or DNS provider (e.g., Cloudflare, GoDaddy, Namecheap) to make these changes.
This is for your “bare” domain, like example.com(without the “www”)
  • If your provider supports CNAME Flattening: Some providers, like Cloudflare, allow you to set a CNAME record on your root domain. If so, follow the same steps as Option A for your root (@) record.
  • If your provider does NOT support CNAME Flattening: This is very common. The industry-standard solution is to set up a simple redirect.
    1. Set up Kyvic for your www subdomain as described in Option A.
    2. Create a rule in your registrar to redirect all traffic from the root domain (example.com) to your protected subdomain (www.example.com).
3

Step 3: Activate Your SSL Certificate

To keep your site secure with HTTPS, we need to verify your domain ownership.
  1. In your Kyvic Console, navigate through Services → Aegis → Protected Domains → DNS Configuration. On the DNS Configuration tab, you should see one or two TXT records with names such as _acme-challenge.
  2. Copy these TXT records and add them to your DNS provider. This is a one-time verification step to confirm ownership of your domain.
  3. Once you’ve added the records, our system will automatically detect them and issue a free SSL certificate for your domain. The certificate is fully managed, so you don’t need to worry about renewals or expiration.
4

Step 4: Lock Down Your Origin Server Firewall

If you use a Web Application Firewall (WAF) or server firewall, you must whitelist our network IPs to prevent your WAF from blocking legitimate traffic and prevent attackers from bypassing Kyvic.
  1. Get Cloudflare’s IPs: The Kyvic Aegis network runs on Cloudflare. Get the official IP list from cloudflare.com/ips.
  2. Create an IP Set: In your WAF provider’s dashboard (like AWS WAF), create an “IP Set” containing all of Cloudflare’s IP ranges.
  3. Create an “Allow” Rule: Add a rule to your WAF that allows any traffic coming from the Cloudflare IP Set. This rule should have the highest priority (e.g., run first).
  4. Block all other traffic to your web ports (80/443) to ensure your server can only be reached through Kyvic.
5

Step 5 (Recommended): Use Relative Paths for All Internal Resources

For the best compatibility, we strongly recommend using relative paths for all your resources, including links, images, stylesheets, scripts, and API calls.While our proxy is designed to handle absolute paths (those with your full domain), the process isn’t perfect. Using them can cause assets to break when proxied through our service. To ensure everything loads correctly, please make sure all paths to your own resources start with a /.

​
HTML / JSX

  • ✅ Good: <a href="/about-us">
  • ❌ Bad: <a href="https://your-site.com/about-us">

​
CSS

This applies to @import rules and url() functions for fonts or background images.
  • ✅ Good: body { background-image: url('/images/background.jpg'); }
  • ❌ Bad: body { background-image: url('https://your-site.com/images/background.jpg'); }

​
JavaScript & API Calls

This is critical for Single Page Applications (SPAs).
  • ✅ Good: fetch('/api/data');
  • ❌ Bad: fetch('https://your-site.com/api/data');
6

Step 5: Verifying Your Setup

Once DNS propagation is complete, a “Protected” badge will appear next to your domain, showing that your site is now safeguarded against harmful bots and AI scrapers.
Although the process can take up to 48 hours, it typically completes within a few minutes to a couple of hours.

That's it! Your are all set!

🥳 Congratulations, your website is now protected by Kyvic Aegis.

​
Edge Cases

Most users won’t need this section, but it’s here for more complex setups.

​
Protecting Sites with Multiple Subdomains

If your website loads assets (like images or scripts) from different subdomains (e.g., www.yoursite.com and assets.yoursite.com), you must add each subdomain to your Kyvic Console and configure a separate CNAME record for each one.