In the above graph:

• WAF “sandwich” private subnet would be the subnet in which your HiveShield instances live, set-up to autoscale up and down, as demand increases and subsides.
• The “ELB” on the left will be called the “Upstream ELB” in the instructions below
• The “ELB” on the right will be called the “Downstream ELB” in the instructions below

1. Set-up your Upstream ELB pointing to an Autoscaled HiveShield instance, preferably C4 X-Large or C4 2X-Large.
2. Set-up your Downstream ELB pointing to your Autoscaled web servers.
3. Verify that your HiveShield instance cannot be reached directly from the outside World. It should only be accessible via your Upstream ELB.
4. Your HiveShield instance, at the top of its Admin Panel, has a “health check URL”. Copy it and paste it into your Upstream ELB‘s health-check configuration.
5. In HiveShield’s Admin Panel, enter the following:
   1. Add a Host for yoursite.com
      1. Add an alias for www.yoursite.com
      2. Or Vice-versa
   2. Load-Balanced Weighted IPs or Hosts: Create only one entry, and enter the Host Name for your Downstream ELB.
   3. Origin HTTP vs HTTPS: Pick HTTP unless you require end-to-end encryption inside your LAN.
   4. Trust X-Forwarded-For Header:
      1. Name: click “( Set to XFF )” link.
      2. Position: click “( Set to Last )” link.
6. You can leave other settings “as-is”.