IV. How to prevent DDoS attacks

What should you do when a server is hit by heavy attack traffic? Protecting against multi-directional DDoS attacks requires deploying several different strategies, each mitigating attacks at a different level. In general, the more complex the attack, the harder it is to distinguish attack traffic from normal traffic. The attacker's goal is to blend in with normal traffic as much as possible, making mitigation as ineffective as possible. Here are several solutions against DDoS attacks:

1. Black hole routing

One solution available to almost all network administrators is to create a black hole route and send traffic into it. In its simplest form, when black hole filtering is implemented without specific restriction criteria, both legitimate and malicious network traffic is routed to a null route, or black hole, and dropped from the network.

If an Internet device comes under DDoS attack, that device's Internet service provider (ISP) may send all of the site's traffic into a black hole as a defense. This is not an ideal solution, because it effectively gives the attacker the desired result: it makes the network inaccessible.

2. Rate limiting

Limiting the number of requests a server accepts within a given period of time is another way to protect against denial-of-service attacks. While rate limiting helps slow down content theft by web crawlers and protects against brute-force attacks, rate limiting alone may not be sufficient to deal effectively with complex DDoS attacks.

3. Web Application Firewall

A Web Application Firewall (WAF) is an effective tool for helping to mitigate layer 7 DDoS attacks.
When a WAF is deployed between the Internet and the origin server, it can act as a reverse proxy that protects the target server from certain types of malicious traffic.

A WAF can prevent layer 7 attacks by filtering requests based on a set of rules used to identify DDoS tools. One of the key values of a WAF is the ability to quickly implement custom rules in response to an attack.

4. Anycast Network Diffusion

Anycast is a network addressing and routing method that routes incoming requests to different locations, or "nodes". In a CDN, Anycast typically routes incoming traffic to the nearest data center that can handle the requests efficiently. Selective routing enables Anycast networks to cope with high traffic, network congestion, and DDoS attacks.
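The rate limiting described in item 2, together with its stated limitation, as an added example (not code from the original page): a per-client sliding-window limiter replayed over constructed traffic. The class and function names, the limit of 10 requests per second, and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        # client -> timestamps of accepted requests (at most `limit` per client).
        # State grows with the number of distinct clients; a long-running
        # service would also need to expire idle clients.
        self.hits = defaultdict(deque)

    def allow(self, client, now):
        q = self.hits[client]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over the limit: reject (e.g. HTTP 429)
        q.append(now)
        return True


def replay(requests, limit=10, window=1.0):
    """Replay (timestamp, client) pairs; return (accepted, rejected) counts."""
    limiter = SlidingWindowLimiter(limit, window)
    accepted = rejected = 0
    for ts, client in sorted(requests):
        if limiter.allow(client, ts):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


# Constructed traffic (documentation-range addresses), 500 requests in one second.
# Case 1: a single client sends all 500 requests.
single_source = [(i / 500, "203.0.113.7") for i in range(500)]
# Case 2: the same 500 requests spread over 100 clients, 5 each,
# so every individual client stays under the per-client limit.
distributed = [(i / 500, f"198.51.100.{i % 100}") for i in range(500)]

if __name__ == "__main__":
    print("single source:", replay(single_source))
    print("distributed:  ", replay(distributed))
```

The server receives the same total load in both cases, but the per-client limiter only sheds it in the first, which is why rate limiting is combined with the other measures listed here.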