Microsoft Azure DDOS protection

2

7

I am running an enterprise scale application in Microsoft Azure. I wanted to know what the recommendations are for DDOS protection in Microsoft Azure. The documentation clearly states that the platform is protected from DDOS with not much more detail. My understanding of the Azure DDOS is:

  • If another customer is being attacked by a DDOS attack, your application won't suffer
  • If your application is being attacked by a DDOS attack, Microsoft will stop all connections to your endpoint, in effect taking down your service.

Based on this understanding, I would prefer if the connection from the particular IP/set of IPs was blocked rather than taking the entire application down.

Would I be better placed to use a product like Incapsula to protect against DDOS?

Foretaste answered 10/2, 2016 at 14:29 Comment(1)
You're right in saying that the platform protects itself and that you don't have any control on that. The only way around that is to use a 3rd party service like CloudFlare or Incapsula. Citify
5

Azure doesn't protect your app against DDOS. Therefore, you should use dynamicIpSecurity; if it's not enough, use CloudFlare.

In Web.config

 <system.webServer>
   <!-- ... other system.webServer settings ... -->
   <security>
     <ipSecurity allowUnlisted="true">
        <!-- Add trusted IPs here -->
        <add ipAddress="1.1.1.1" allowed="true" />
     </ipSecurity>

     <dynamicIpSecurity denyAction="Forbidden">
       <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
       <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
     </dynamicIpSecurity>

   </security>

 </system.webServer>

The <denyByRequestRate> element specifies that a remote client will be blocked if the number of requests received over a period of time exceeds a specific number.

The <denyByConcurrentRequests> element specifies that a remote client will be blocked if the number of concurrent HTTP connection requests from that client exceeds a specific number.

So in this example, if a client (IP) makes 20 concurrent requests or 30 requests in a second, the other requests which this client (IP) makes will get a 403.

Menstrual answered 10/2, 2016 at 15:6 Comment(0)
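
An added example, not part of the answer above: before enabling `denyByRequestRate`, it helps to replay recorded traffic against the configured threshold and see which clients would have exceeded it. The sliding-window count below is an assumed model of "requests over a period of time", not IIS's internal algorithm, and the config fragment, function names and traffic records are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Constructed config fragment with the same thresholds as the answer above.
WEB_CONFIG = """<configuration><system.webServer><security>
  <dynamicIpSecurity denyAction="Forbidden">
    <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
    <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
  </dynamicIpSecurity>
</security></system.webServer></configuration>"""

def request_rate_rule(config_xml):
    """Return (maxRequests, interval_ms), or None if the rule is absent or disabled."""
    rule = ET.fromstring(config_xml).find(".//dynamicIpSecurity/denyByRequestRate")
    if rule is None or rule.get("enabled", "false").lower() != "true":
        return None
    return int(rule.get("maxRequests")), int(rule.get("requestIntervalInMilliseconds"))

def peak_requests(records, interval_ms):
    """Highest number of requests each client sent within any interval_ms window."""
    window, peak = defaultdict(deque), defaultdict(int)
    for ts, ip in sorted(records):
        q = window[ip]
        q.append(ts)
        while ts - q[0] >= interval_ms:   # drop requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)

def clients_over_limit(records, config_xml):
    """Clients whose peak request count exceeds maxRequests (assumed model)."""
    rule = request_rate_rule(config_xml)
    if rule is None:
        return {}
    max_requests, interval_ms = rule
    return {ip: n for ip, n in peak_requests(records, interval_ms).items()
            if n > max_requests}

# Constructed traffic: (timestamp in ms, client IP) from documentation address ranges.
SAMPLE = (
    [(i * 20, "203.0.113.10") for i in range(40)]     # burst: 40 requests in 0.8 s
    + [(i * 200, "198.51.100.7") for i in range(10)]  # steady: 5 requests per second
    + [(i * 30, "192.0.2.5") for i in range(30)]      # exactly 30 within one second
)

if __name__ == "__main__":
    for ip, n in clients_over_limit(SAMPLE, WEB_CONFIG).items():
        print(f"{ip}: peak of {n} requests per window exceeds the configured limit")
```

A client that legitimately fronts many users (a corporate NAT or proxy) shows up in this report the same way a flooding client does, which is the case to check before choosing `maxRequests`.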
2

Microsoft Azure now has a DDOS protection service. There is a basic (free) and standard (paid) service. More information can be found at https://learn.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Foretaste answered 14/11, 2018 at 8:17 Comment(0)
