All scenarios / Your services don't exist for scanners.
Case 02 · Stealth Mode

Your services don't exist for scanners.

No public DNS records for internal services. Direct requests fail with a DNS error. With the extension, DNS resolution happens at the gateway, invisibly routing your team to the right IP.

Try Live Demo

How to try:

  • 1. Install the extension for Chrome or Firefox
  • 2. Enter the demo token: kW9jF
  • 3. Open the demo domain (available from the extension menu) and compare behavior with the extension on and off.
grafana.l7.run — With extension: Grafana login. Without: NXDOMAIN error.
See how it works in the video demo above
All scenarios
NXDOMAIN
Response without the extension
200
Response with the extension
0
Public DNS records exposing the host
01

The problem → L7 Admin Guard way

Status quo

If it's reachable, it's scanned.

An admin panel on a public IP is on Shodan within a day. Even behind allow-listed IPs, hostname leakage in DNS makes targeted attacks easy. Cert transparency logs broadcast every subdomain you provision.

  • Mass scanners hit your panel hourly
  • Cert transparency leaks every hostname
  • IP allow-lists fail when employees travel
L7 Admin Guard way

No DNS record. Invisible by default.

Don't create a DNS record for internal services (like Grafana). Instead, add grafana.site.com in our admin panel with its target IP/port. Direct visits get a DNS error. The extension delegates DNS resolution to the gateway, which fetches the IP from its config. Scanners see nothing; your team works normally.

  • No public DNS records for protected services
  • DNS resolution happens on the gateway, not publicly
  • Selective browser routing: only protected domains go through the gateway
02

How it works

Scanner GET grafana.site.com Sees NXDOMAIN error
public DNS →
L7 Extension Intercepts request Routes to gateway
gateway resolve →
Server Receives request Real admin panel served
03

Step by step

01

Skip the DNS record

For internal services (e.g., Grafana), simply don't create a public DNS record. In the L7 admin panel, add the domain grafana.site.com and set the Target to the actual IP address or port.

02

Direct access fails

If anyone tries to visit grafana.site.com directly, they get a standard browser error saying the site doesn't exist in DNS. To the rest of the internet, including bots, it simply isn't there.

03

Access via extension

With the extension enabled, DNS resolution happens at the gateway. The gateway ignores public DNS and takes the IP directly from your settings. Thanks to selective routing, only protected domains pass through the gateway, letting your team work seamlessly.

04

Common questions

Does this break browser clients without the extension?
Yes — that is the point. For public sites, use a normal route. Stealth is for resources that should not be discoverable.
What about cert transparency leaks?
Use wildcard certificates so individual hostnames never appear in CT logs.

Ship this in five minutes.

Live demo, no signup. Or grab the trial — every feature, fourteen days, no card.

Try Live Demo

How to try:

  • 1. Install the extension for Chrome or Firefox
  • 2. Enter the demo token: kW9jF
  • 3. Open the demo domain (available from the extension menu) and compare behavior with the extension on and off.
grafana.l7.run — With extension: Grafana login. Without: NXDOMAIN error.
See how it works in the video demo above
Read docs