Hi,
Good Day.
I have recently come across that Azure DDoS is a new service that offers protection against DDoS kinds of attack by default.
When we say DDoS, this is mainly caused by bots or scripts to emulate thousands of attacks in a min.
Does it provide bot detection & control out of the box? Or should we consider writing rules for WAF?
Please advice.
Regards
Hello @RaghuramanC-4789, welcome to the Microsoft Q&A forum.
Azure DDOS Standard protection protects against Layer 3 and Layer 4 attacks, when combined with WAF you get up to Layer 7 protection as well. As Azure DDOS and WAF grant protection at different layers they are often deployed together. As per the FAQ documentation When Application Gateway with WAF is deployed in a DDoS protected VNet, there are no additional charges for WAF - you pay for the Application Gateway at the lower non-WAF rate.
Azure DDOS Standard protects against Volumetric attacks that flood the network layer with a substantial amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection Standard mitigates these potential multi-gigabyte attacks by absorbing and scrubbing them, with Azure's global network scale, automatically.
To summarize, in order to provide full layer 3 to layer 7 mitigation capability, it is better to have Azure DDOS Standard and Application Gateway web application firewall rules enabled.
Hope this helps! Please let me know if you have any additional questions. Thank you!
1 Person is following this question.
