2

If we have some spherical application in vacuum hosted on Microsoft Azure, that we would like to protect against DDoS attack with minimum economic impact and maximum reliability then:

  1. Is it useful to organize reverse proxy like squid or nginx as a protection level against DDoS?

  2. If true - does it make sense to deploy reverse proxy on Azure or as dedicated server?

  3. If we deploy proxy on Azure, should/can it be multiinstantinated and if not, won't it become a bottleneck?

  4. If false - what measures can be appplied to effective respond on ddos attack real time, except scaling out by throwing more instances to keep up with traffic surge and relying on Azure's Load Balancer?

mumu2
  • 661
  • 1
  • 5
  • 15

1 Answers1

0

The Microsoft Datacenters that host Windows Azure already have protections for items such as DDoS attacks. That said, it is still up to you to monitor your application for unexpected and potentially invalid spikes in traffic and to react accordingly. This can be scaling up your capacity to handle the load using multiple service instances, or by submitted support tickets to have the invalid traffic blocked by MSFT's datacenter protections.

BrentDaCodeMonkey
  • 5,493
  • 20
  • 18
  • 1
    Does Azure protection filter UDP/SYN flood? What should we do under some LOIC attack, when we need to cut invalid traffic by referrer - submit ticket to support? How long time does it take support to respond on ticket in case of invalid traffic? – mumu2 Oct 23 '12 at 14:13