This is a work in progress and not a release. We're looking for volunteers. See Issues and Contribution to know how to collaborate.

DDoS Protection

Engineer/Developer Security Specialist Operations & Strategy Devops Cloud SRE

Distributed Denial of Service (DDoS) attacks are a pervasive threat that can disrupt your services by overwhelming them with excessive traffic.

Best Practices

  • Use Cloud Provider Solutions: Utilize DDoS protection services offered by your cloud provider:

AWS

  • AWS Shield Standard and Advanced:
    • Shield Standard: Basic DDoS protection at no extra cost.
    • Shield Advanced: Enhanced protection with real-time visibility and access to AWS DDoS Response Team (DRT).
  • Amazon CloudFront and AWS WAF:
    • CloudFront: Distributes traffic globally to mitigate DDoS attacks.
    • AWS WAF: Protects against application layer attacks.

Azure

  • Azure DDoS Protection Basic and Standard:
    • DDoS Protection Basic: Automatic protection against common attacks.
    • DDoS Protection Standard: Advanced protection with real-time monitoring.
  • Azure Front Door and Azure Application Gateway with WAF:
    • Front Door: Global application delivery with DDoS mitigation.
    • Application Gateway with WAF: Protects against various attacks.

GCP

  • Google Cloud Armor: Provides DDoS protection and WAF capabilities.
  • Load Balancing: Distributes traffic to mitigate DDoS attacks.
  • VPC Flow Logs and Stackdriver Logging: Monitors and logs traffic patterns for effective response.

External DDoS Protection Providers

In addition to cloud provider solutions, consider external DDoS protection services:

  • Cloudflare: Offers comprehensive DDoS protection and mitigation services.
  • Akamai: Provides scalable DDoS protection solutions.
  • Imperva: Specializes in DDoS protection and mitigation.