Nolxy

Nolxy is an API Gateway platform that proxies HTTP requests on behalf of its users to their configured backend services. If you believe that traffic originating from Nolxy is being used in an abusive manner, please follow the reporting process below.

1. How to Identify Nolxy Traffic

All outgoing proxy requests from Nolxy include the following User-Agent identifier:

Nolxy-Gateway/1.0 (+https://nolxy.com/abuse)

This allows you to identify and, if necessary, block or rate-limit traffic originating from our gateway.

2. Report Abuse

If you believe Nolxy is being used to send abusive, unauthorized, or malicious traffic to your services, please contact us:

Email: abuse@nolxy.com

Please include the following information in your report:

Your name, organization, and contact email
The target URL(s) or domain(s) receiving abusive traffic
Approximate date/time range of the abuse (with timezone)
Description of the abusive behavior (e.g., scraping, DDoS, unauthorized access)
Any relevant logs, IP addresses, or request samples

3. What Happens After You Report

We take abuse reports seriously and respond within 48 hours. Our process:

Acknowledgment: We confirm receipt of your report within 24 hours.
Investigation: We identify the user account responsible using our internal audit logs.
Action: Depending on severity, we may warn the user, restrict their access to the offending domain, or suspend their account.
Follow-up: We notify you of the action taken (without disclosing the user's identity).

4. Prohibited Uses

Nolxy's Terms of Service explicitly prohibit the following:

Web scraping or crawling of third-party websites
DDoS attacks or traffic amplification
Using the gateway to conceal identity for illegal activities
Accessing services in violation of their terms of use
Distributing malware, phishing, or spam
Circumventing access controls or security measures of target services

5. Our Approach

Nolxy operates as a technical intermediary that forwards HTTP requests from authenticated users to their configured backend services.

Security Measures:

Authentication: All requests require a valid API key.
SSRF Protection: We block requests to private IP ranges to prevent internal network attacks.
Rate Limiting: Per-user quotas prevent individual account abuse.
Automatic Protection: Repeated violations trigger temporary blocks.
Audit Logging: We log request metadata for security investigation. We do not inspect the business content of requests.
Transparency: All outgoing requests include our User-Agent header.

We respond promptly to abuse reports and suspend accounts that violate our Terms of Service.

6. Legal Requests

For law enforcement or legal requests, please contact: