开发者

Does Windows Azure have anything readily available against denial of service attacks?

开发者 https://www.devze.com 2023-04-02 07:18 出处:网络
We\'re developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn\'t find anything new and definitive (this one is rather vague) about

We're developing a web service hosted in Windows Azure. We expect that at some moments bad guys try to DDOS it. I Googled and didn't find anything new and definitive (this one is rather vague) about whether Windows Azure has some features agains开发者_如何学运维t denial of service attacks.

Do we need any special measures? What does Windows Azure offer to protect against denial of service attacks?


The Azure load balancer provides some protection, but the details of this are not published.


I reckon no one service provider could truly have a feature against denial of service attacks, because by saying that it means preventing DoS attacks. The only way is by migitating DoS attacks, which you can employ a number of techniques. I know that Windows Azure partially mitigates Denial of Service attacks, and this is due to the nature of the Load Balancer within the Azure environment. One technique that I know may work is to deploy an inexpensive role instance (Extra Small or Small)that acts as a reverse proxy to the actual web application which is sitting on the actual production role instance (Large or Extra Large instance)in Windows Azure. To implement the reverse proxy role instance, just enable ARR which is a feature within IIS. You can use startup tasks to enable ARR. This reverse proxy role instance may also have a rule in it that it checks for certain metrics, and if that metric has exceeded the preset threshold, it basically just stops accepting or forwarding the traffic onto the actual web app, or if automatic scaling is implemented, it just stops scaling beyond a maximum # of allowed instances. This minimized the economic impact from a DoS attack too. Then you just rely on how Windows Azure mitigates any Denial of Service attacks, which is when it detects any attack patterns from one Windows Azure role instance to another role instance. In that it will stop any attacks onto your actual web application.


A bit outdated blogpost about this but still relevant: http://blogs.blackmarble.co.uk/blogs/sspencer/post/2011/02/14/denial-of-service-and-windows-azure.aspx

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号