I am running an enterprise-scale application in Microsoft Azure. I wanted to know what the recommendations are for DDOS protection in Microsoft Azure. The documentation clearly states that the platform is protected from DDOS with not much more detail. My understanding of the Azure DDOS is
Based on this understanding, I would prefer if the connection from the particular IP/set of IPs was blocked rather than taking the entire application down.
Would I be better placed to use a product like Incapsula to protect against DDOS?
Azure doesn't protect your app against DDOS. Therefore, you should use dynamicIpSecurity. If it's not enough, use CloudFlare.
In Web.config:
<system.webServer>
  <!-- ... -->
  <security>
    <!-- Static allow list: requests from unlisted addresses are still allowed -->
    <ipSecurity allowUnlisted="true">
      <!-- Add trusted IPs here -->
      <add ipAddress="1.1.1.1" allowed="true" />
    </ipSecurity>
    <!-- Dynamic blocking per client IP; blocked requests receive 403 Forbidden -->
    <dynamicIpSecurity denyAction="Forbidden">
      <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
      <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
    </dynamicIpSecurity>
  </security>
</system.webServer>
The <denyByRequestRate> element specifies that a remote client will be blocked if the number of requests received over a period of time exceeds a specific number. The <denyByConcurrentRequests> element specifies that a remote client will be blocked if the number of concurrent HTTP connection requests from that client exceeds a specific number.
So in this example, if a client (IP) makes 20 concurrent requests or 30 requests in a second, the other requests that this client (IP) makes will get a 403.
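An added example, not part of the answer above and not Microsoft tooling: a small Python audit for the ipSecurity/dynamicIpSecurity fragment shown in the answer. It flags malformed ipAddress entries, rules that are not enabled, and a missing enableProxyMode attribute, which matters once a proxy such as CloudFlare sits in front of the site. The audit function, the RULES table and the sample config are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the answer's settings plus one deliberately malformed
# allow-list entry (five octets) so the audit has something to catch.
SAMPLE = """<configuration><system.webServer><security>
  <ipSecurity allowUnlisted="true">
    <add ipAddress="203.0.113.10" allowed="true" />
    <add ipAddress="1.1.1.1.1" allowed="true" />
  </ipSecurity>
  <dynamicIpSecurity denyAction="Forbidden">
    <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
    <denyByRequestRate enabled="true" maxRequests="30"
                       requestIntervalInMilliseconds="1000" />
  </dynamicIpSecurity>
</security></system.webServer></configuration>"""

# (rule element, attribute holding its threshold); names are from the answer.
RULES = (("denyByConcurrentRequests", "maxConcurrentRequests"),
         ("denyByRequestRate", "maxRequests"))

def audit(xml_text):
    """Return findings for the ipSecurity / dynamicIpSecurity sections."""
    sec = ET.fromstring(xml_text).find("system.webServer/security")
    if sec is None:
        return ["no <system.webServer>/<security> section"]
    findings = []
    for add in sec.findall("ipSecurity/add"):
        addr = add.get("ipAddress", "")
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"ipSecurity: invalid ipAddress {addr!r}")
    dyn = sec.find("dynamicIpSecurity")
    if dyn is None:
        return findings + ["dynamicIpSecurity: section missing"]
    for tag, limit in RULES:
        rule = dyn.find(tag)
        # IIS leaves both rules disabled unless enabled="true" is set.
        if rule is None or rule.get("enabled", "false").lower() != "true":
            findings.append(f"{tag}: not enabled")
        elif not rule.get(limit, "").isdigit():
            findings.append(f"{tag}: {limit} missing or not a number")
    # Behind a reverse proxy/CDN, IIS sees the proxy's IP for every client
    # unless enableProxyMode makes it read X-Forwarded-For.
    if dyn.get("enableProxyMode", "false").lower() != "true":
        findings.append("dynamicIpSecurity: enableProxyMode is off")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against a real site, pass the contents of its Web.config to audit(); an empty list means none of these three checks fired.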