DDoS Protection — How to Defend

26. 09. 2025 Updated: 27. 03. 2026 2 min read intermediate

A DDoS attack overwhelms a server with requests so it becomes unavailable to legitimate users. Modern attacks reach hundreds of Gbps and millions of requests per second — no single server or network connection can absorb them. Protection requires multiple layers, from network level to application layer, combining CDN, rate limiting, and auto-scaling.

DDoS Types

  • Volumetric: UDP flood, DNS amplification — bandwidth saturation with massive data volume
  • Protocol: SYN flood, Ping of Death — exploiting network protocols to exhaust connection state
  • Application: HTTP flood, Slowloris — targeting the application layer, harder to detect

Volumetric attacks are the easiest to detect (abnormal volume) but require capacity to absorb. Application-level attacks are more sophisticated — they look like legitimate traffic but overload specific endpoints (search, login, API).

Protection

  • CDN/Proxy (Cloudflare, AWS CloudFront) — absorbing volumetric attacks at the edge
  • Rate limiting at edge — limiting requests per IP address
  • Auto-scaling for absorption — horizontal scaling under increased load
  • Geo-blocking — blocking traffic from regions where you do not expect users
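  • Connection limiting in Nginx — limiting simultaneous connections

# Nginx rate limiting
# http context: track clients by IP in a 10 MB shared zone, 10 requests/s each
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
server {
    location /api/ {
        # Allow bursts of up to 20 extra requests, served without delay
        limit_req zone=api burst=20 nodelay;
    }
}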

Rate limiting at the Nginx level protects individual endpoints. The zone api allocates 10 MB of shared memory for tracking client IP addresses. rate=10r/s allows 10 requests per second per IP, and burst=20 permits short-term spikes; with nodelay, requests within the burst are served immediately rather than queued. For global protection, combine with Cloudflare or AWS Shield.
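
To see what these settings admit in practice, the following added example (not from the original article and not Nginx's own code) replays constructed traffic through a simplified Python model of the leaky-bucket accounting behind limit_req with nodelay. The class and function names and the sample IP addresses are assumptions made for illustration.

```python
"""Simplified model of the leaky-bucket accounting behind Nginx limit_req
(nodelay case). Added illustration, not Nginx source code."""
from collections import defaultdict

RATE_RPS = 10   # rate=10r/s from the article's limit_req_zone
BURST = 20      # burst=20 from the article's limit_req


class LimitReqModel:
    def __init__(self, rate_rps=RATE_RPS, burst=BURST):
        # Work in thousandths of a request so integer math stays exact.
        self.rate = rate_rps * 1000
        self.burst = burst * 1000
        self.state = {}  # client key -> (excess, last_ms)

    def allow(self, key, now_ms):
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        elapsed = max(now_ms - last, 0)
        # The bucket drains at `rate`; each request adds one unit (1000).
        excess = max(excess - self.rate * elapsed // 1000 + 1000, 0)
        if excess > self.burst:
            return False  # rejected; the stored state is left unchanged
        self.state[key] = (excess, now_ms)
        return True


def replay(requests, **kw):
    """requests: iterable of (time_ms, client_ip) -> {ip: (allowed, rejected)}."""
    model = LimitReqModel(**kw)
    totals = defaultdict(lambda: [0, 0])
    for now_ms, ip in sorted(requests):
        totals[ip][0 if model.allow(ip, now_ms) else 1] += 1
    return {ip: tuple(v) for ip, v in totals.items()}


# Constructed traffic (documentation-range IPs), two seconds long.
SAMPLE = (
    [(0, "198.51.100.7")] * 100                         # 100 requests at once
    + [(t, "203.0.113.5") for t in range(0, 2000, 20)]  # sustained 50 r/s
    + [(t, "192.0.2.10") for t in range(0, 2000, 200)]  # normal user, 5 r/s
)

if __name__ == "__main__":
    for ip, (ok, rejected) in replay(SAMPLE).items():
        print(f"{ip:14} allowed={ok:3} rejected={rejected:3}")
```

In this model the instant flood gets 21 requests through (one plus the burst of 20), and the sustained 50 r/s client is held to 10 r/s once its burst allowance is spent, while the 5 r/s client is never rejected.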

Incident Response

Prepare a DDoS response playbook in advance: ISP contacts, procedures for activating Cloudflare Under Attack mode, escalation matrices. During an attack, it is too late to search for documentation. Test regularly — load testing reveals weak points before an attacker does.

Key Takeaway

CDN + rate limiting + auto-scaling form the basic defensive triad. Use Cloudflare or AWS Shield for volumetric attacks and application-level rate limiting for sophisticated attacks.


CORE SYSTEMS team

We build core systems and AI agents that keep operations running. 15 years of experience with enterprise IT.