stackoom
  简体   繁体   中英

Microsoft Azure DDOS protection

 原文  2016-02-10 14:29:58       azure/ ddos/ azure-ddos

Question

I am running an enterprise scale application in Microsoft Azure. I wanted to know what the recommendations are for DDOS projection in Microsoft Azure. The documentation clearly states that the platform is protected from DDOS with not much more detail. My understanding of the Azure DDOS is

  • If another customer is being attacked by a DDOS attack, your application won't suffer
  • If your application is being attached by a DDOS attack, Microsoft will stop all connections to your end point and in effect taking down your service.

Based on this understanding, I would prefer if the connection from the particular IP/set of IPS was blocked rather than taking the entire application down.

Would I be better placed to use a product like Incapsula to protect against DDOS?

2 answers

solution1
 5  2016-02-10 15:06:05

Azure doesn't protect your app against DDOS. Therefore, you should use dynamicIpSecurity if it's not enough, use CloudFlare

In Web.config 

 <system.webServer>
  .
  .
   <security>
     <ipSecurity allowUnlisted="true">
        <!-- Add Here trusted Ips-->
        <add ipAddress="1.1.1.1.1" allowed="true" />
     </ipSecurity>

     <dynamicIpSecurity denyAction="Forbidden">
       <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
       <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
     </dynamicIpSecurity>

   </security>

 </system.webServer>

The <denyByRequestRate> element specifies that a remote client will be blocked if the number of requests received over a period of time exceeds a specific number.

The <denyByConcurrentRequests> element specifies that a remote client will be blocked if the number of concurrent HTTP connection requests from that client exceeds a specific number.

So In this example; If a client (ip) makes 20 concurrent requests or 30 requests in a second, the other requests which this client(ip) makes will get 403.

solution2
 1  2018-11-14 08:17:11

Microsoft Azure now has a DDOS protection service. There is a basic (free) and standard (paid) service. More information can be found at https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Microsoft Azure DDoS protection alert not recevied Organizing DDoS protection on Windows Azure Azure managed service DDOS protection Azure Event Grid - Webhook subscription authentication and DDOS protection What is the best practice for ddos protection on Windows Azure virtual machine? Microsoft Endpoint Protection Windows Azure 2.0 Detect that file is protected by Microsoft Azure Information Protection Neo4j: Ubuntu hosted endpoint protection on Microsoft Azure DDoS attack mitigation on Azure infrastructure Can Azure Performance Tests be used to DDoS?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM