
What would happen if Google changed their A Records to point to my Azure app service?

Purely hypothetical here, but I have been dealing with (accidental) DDoS attacks on one of our web servers in the recent past, and was always curious what would happen if you completely opened the flood gates.

Obviously, anything hosted on that particular web server instance would come to a grinding halt, and our best bet to (relatively) quickly mitigate the issue would be to completely kill the app service plan, and roll up a new one from scratch (making absolutely sure it didn't end up with the same IP address).

Aside from that, what would be a good way to mitigate an "attack" like this, particularly in an Azure App Service environment? Would you be able to inspect the appropriate headers and dump the traffic prior to the web server handling the request? Is this something that can be handled by Traffic Manager?

I know Azure has some built-in DDoS prevention, but I think something like this scenario would be nearly impossible to mitigate, as the traffic will be coming from everywhere.

Thanks in advance!

For Layer 7 (HTTP/HTTPS), you can configure Azure Application Gateway in Web Application Firewall (WAF) mode to route all the traffic to your App Service environment. For L3/L4 protection, you can configure the Azure DDoS Protection Standard service on the virtual network of the Application Gateway. Further, in the web app settings, ensure the traffic is accepted only via the App Gateway IPs.
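
The two checks raised in this thread (accept traffic only from the gateway, and inspect headers before the application handles the request), as an added example that is not part of the original answer: a WSGI filter that rejects a request before any application code runs unless it came from the gateway and names one of the app's own hostnames in `Host`. The gateway address, the hostname and the names `decide` and `OriginGuard` are constructed for illustration, and it assumes `REMOTE_ADDR` is the gateway's address as seen by the app.

```python
import ipaddress

# Constructed values: an RFC 5737 documentation address and a placeholder hostname.
GATEWAY_CIDRS = [ipaddress.ip_network("203.0.113.10/32")]  # gateway frontend IP (assumed)
ALLOWED_HOSTS = {"app.example.com"}                        # hostnames bound to the app (assumed)
REASONS = {400: "Bad Request", 403: "Forbidden"}


def _hostname(host_header):
    """Normalise a Host header value: lower-case, no port, no trailing dot."""
    host = (host_header or "").strip().lower()
    if host.startswith("["):               # IPv6 literal, e.g. [2001:db8::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")


def decide(source_ip, host_header):
    """Return (status, reason) for a request before any application work is done."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return 403, "unparseable source address"
    # Check 1: the request must have been relayed by the gateway.
    if not any(addr in net for net in GATEWAY_CIDRS):
        return 403, "did not arrive via the gateway"
    # Check 2: traffic meant for another domain carries that domain in Host.
    if _hostname(host_header) not in ALLOWED_HOSTS:
        return 400, "Host header is not one of this app's hostnames"
    return 200, "ok"


class OriginGuard:
    """WSGI middleware that applies decide() and short-circuits rejected requests."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status, reason = decide(environ.get("REMOTE_ADDR", ""), environ.get("HTTP_HOST"))
        if status != 200:
            body = reason.encode()
            headers = [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))]
            start_response(f"{status} {REASONS[status]}", headers)
            return [body]
        return self.app(environ, start_response)
```
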
