DDoS attack overwhelms server with requests so it becomes unavailable. Protection requires multiple layers.

DDoS Types¶

• Volumetric: UDP flood, DNS amplification
• Protocol: SYN flood, Ping of Death
• Application: HTTP flood, Slowloris

Protection¶

• CDN/Proxy (Cloudflare, AWS CloudFront)
• Rate limiting at edge
• Auto-scaling for absorption
• Geo-blocking
• Connection limiting in Nginx

Nginx rate limiting¶

limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; server { location /api/ { limit_req zone=api burst=20 nodelay; } }

Key Takeaway¶

CDN + rate limiting + auto-scaling. Cloudflare or AWS Shield for volumetric attacks.