Login/Register
Which cloud based, scalable web service is best for DDOS prevention? [closed]
Asked Answered
Solved securitygoogle-app-engineamazon-web-servicescloudddos
I

6

11

I have an idea for a website that I would like to develop and release. It is a web application that I would like to implement on some form of cloud-based web hosting service (i.e. the Google App Engine, Amazon Web Services, others that I may not be aware of...)

My problem is that even though my project is 100% legal, and not shady, it is highly susceptible to occasional DDOS attacks.

I've previously developed for the GAE and I am quite biased toward it. However, I can't seem to find that the Google service has any form of integrated DDOS protection. In fact, Google's on documentation states that if you think you've experienced a DDOS attack, you must provide the burden-of-proof, which they will research. If they think you have been attacked, they will reimburse you usage fees. Otherwise, you are left on your own.

Are there better, cloud-based hosting alternatives? I have my preferences, but I'm not married to any specific type of architecture or programming language.
What are my best cloud-based web hosting options for DDOS protection?

Incontestable answered 15/5, 2012 at 15:22 Comment(0)
E
2

CloudFlare seems to be what you need. The only thing I don't like about CloudFlare is that you have to use their DNS servers for your whole domain even if you just want to protect a subdomain.

Erythro answered 15/5, 2012 at 15:45 Comment(3)
Interesting. So, if I understand their services correctly, I can create a cloud app (in my case with Google App Engine) and just delegate my domain to CloudFlare, and they take care of the rest? What's the catch? This service is free (for what I would need.)Incontestable
There might be no catch as there are many services that are free for the lowest plan. Maybe they hope that you will be interested in buying their premium services.Erythro
To quote from CF support center: "Only limited DDoS protection and mitigation is provided to domains on a free or Pro plan through "I'm Under Attack" mode. If you are looking for advanced DDoS protection and mitigation and frequently suffer sizable DDoS attacks, please consider looking at our Business or Enterprise plans." support.cloudflare.com/hc/en-us/articles/…Bellbird
L
6

Google App Engine does provide DoS protection: see Python, Java and Go documentation.

Lorient answered 15/5, 2012 at 15:26 Comment(4)
Ah, thanks. I don't know how my searching didn't find that. However, what about in the case of a DDoS attack? Especially, if they have control of infected PCs, distributed across the globe? The documentation that you've provided seems to only offer black-listing through manual black-listing.Incontestable
Yes, black-listing is the only DDoS prevention feature there. Sounds like you might want to add your support to this feature request: code.google.com/p/googleappengine/issues/detail?id=6733Freudberg
That's DoS protection and not DDoS.Erythro
You can only have 100 blacklist entries and it does not help..Castiron
C
6

I actually work for CloudFlare and thought I would jump in...

"There might be no catch as there are many services that are free for the lowest plan. Maybe they hope that you will be interested in buying their premium services." Correct. We can also monetize the service through features, apps, etc.

@RLH We can offer some help with DDoS mitigation. "I'm Under Attack" can help mitigate many common http:// attacks & the basic nature of our network can help mitigate attacks as well.

Cranford answered 17/5, 2012 at 22:49 Comment(0)
E
2

CloudFlare seems to be what you need. The only thing I don't like about CloudFlare is that you have to use their DNS servers for your whole domain even if you just want to protect a subdomain.

Erythro answered 15/5, 2012 at 15:45 Comment(3)
Interesting. So, if I understand their services correctly, I can create a cloud app (in my case with Google App Engine) and just delegate my domain to CloudFlare, and they take care of the rest? What's the catch? This service is free (for what I would need.)Incontestable
There might be no catch as there are many services that are free for the lowest plan. Maybe they hope that you will be interested in buying their premium services.Erythro
To quote from CF support center: "Only limited DDoS protection and mitigation is provided to domains on a free or Pro plan through "I'm Under Attack" mode. If you are looking for advanced DDoS protection and mitigation and frequently suffer sizable DDoS attacks, please consider looking at our Business or Enterprise plans." support.cloudflare.com/hc/en-us/articles/…Bellbird
B
2

You will never find "free" DDos protection because, in order to protect you from DDos, a provider must "swallow" your extra traffic - thus using bandwidth which costs money.

All free DDos protection services I know, including those listed above, are given on "availability basis" - meaning they will only protect you from smaller attacks and only if the rest of the network can handle it.

Then again, this`s only fair. Your cannot get a cheap DDos solution, because solving DDos is never "free" or "cheap".

However, while "free" DDoS mitigation is not yet reliable, there are several trustworthy and affordable solutions. Check out this Top10Review, it pretty much sums it all up:

http://website-security-and-performance-review.toptenreviews.com/

Bellbird answered 30/5, 2012 at 8:29 Comment(0)
A
2

Since you have this tagged as "Amazon Web Services", I thought I comment on that aspect.

AWS works with a well-known network security vendor to automatically provide DDoS protection services to their network. Sometimes more sophisticated (or targeted) attacks get through though. In that case, you can contact the AWS security team and they'll help you triage your application.

It's also worth noting that if you're smartly using autoscaling, that can be a serious help in mitigating the problems caused by a DDoS.

Adamite answered 18/12, 2012 at 14:29 Comment(0)
G
1

There are certain things to consider before going on a Cloudflare plan, either free or paid: http://kwatog.com/blog/moving-out-of-cloudflare/

I would suggest you to try Incloudibly https://incloudibly.com/ - scalable Cloud hosting with free DDoS protection up to 10 Gb/s.

Garibaldi answered 22/12, 2012 at 7:0 Comment(1)
Just FYI most of those features that the author listed in that blog can be disabled in the CF panel...Jacelynjacenta

© 2022 - 2024 — McMap. All rights reserved.