Microsoft Azure DDOS protection

Question

I am running an enterprise scale application in Microsoft Azure. I wanted to know what the recommendations are for DDOS projection in Microsoft Azure. The documentation clearly states that the platform is protected from DDOS with not much more detail. My understanding of the Azure DDOS is

• If another customer is being attacked by a DDOS attack, your application won't suffer
• If your application is being attached by a DDOS attack, Microsoft will stop all connections to your end point and in effect taking down your service.

Based on this understanding, I would prefer if the connection from the particular IP/set of IPS was blocked rather than taking the entire application down.

Would I be better placed to use a product like Incapsula to protect against DDOS?

Answer 1

Azure doesn't protect your app against DDOS. Therefore, you should use dynamicIpSecurity if it's not enough, use CloudFlare

In Web.config

 <system.webServer>
  .
  .
   <security>
     <ipSecurity allowUnlisted="true">
        <!-- Add Here trusted Ips-->
        <add ipAddress="1.1.1.1.1" allowed="true" />
     </ipSecurity>

     <dynamicIpSecurity denyAction="Forbidden">
       <denyByConcurrentRequests enabled="true" maxConcurrentRequests="20" />
       <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="1000" />
     </dynamicIpSecurity>

   </security>

 </system.webServer>

The <denyByRequestRate> element specifies that a remote client will be blocked if the number of requests received over a period of time exceeds a specific number.

The <denyByConcurrentRequests> element specifies that a remote client will be blocked if the number of concurrent HTTP connection requests from that client exceeds a specific number.

So In this example; If a client (ip) makes 20 concurrent requests or 30 requests in a second, the other requests which this client(ip) makes will get 403.