DigitalOcean

Report this

What is the reason for this report?
Question

Preventing DDoS attacks without Cloudflare?

Posted on March 19, 2017
Security
Ubuntu 16.04
Icarus1

By Icarus1

Hello all!

I plan on also using cloudflare, but it’s not difficult to resolve the internal/host IP and then attack that directly. Any way to protect myself as most as possible in addition to the frontend cloud flare service?

Thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
November 1, 2023
Pinned Answer

Hello there,

Quick update here. I’m excited to share that DigitalOcean has introduced a new feature in response to the valuable feedback we’ve received from users like you: DigitalOcean DDoS Protection:

https://www.digitalocean.com/products/ddos-protection

Here are some key points about this new offering:

  1. Cost: DigitalOcean DDoS Protection is available at no additional cost. That’s right, it’s a free service for all users!

  2. Coverage: The protection extends to a range of DigitalOcean resources including:

    • Droplets
    • Kubernetes
    • Managed Databases
    • Load Balancers
    • Reserved IPs

  3. Protection Layers: This service provides protection primarily at the Network (layer 3) and Transport (layer 4) layers of the OSI model. Please note that Application layer (layer 7) DDoS Protection is currently not supported.

  4. Latency Concerns: One of the standout features of this service is that mitigation takes place entirely within the DigitalOcean network. This means that data traffic doesn’t leave our network for mitigation, ensuring that your applications experience no additional latency.

  5. Overall Benefit: DigitalOcean DDoS Protection is an always-on service designed to defend your DigitalOcean cloud resources against a range of generalized, network-layer DDoS attacks. This ensures that your apps and websites run smoothly, without the threat of potential disruptions from such attacks.

Best,

Bobby

0
Flamber Hansen
Flamber Hansen
March 19, 2017

How is it possible to resolve host IP, when you’re using CloudFlare? That’s the major use-case for using the service, is to hide host IP address. Of course, you can choose to use their DNS-only service, which will work like any other regular DNS service - meaning it’ll show host IP address.

0
sdayman
sdayman
March 19, 2017

I used the following setup: Let’s Encrypt on my server. Strict SSL on Cloudflare Cloudflare-set SSL (Https) for all requests.

So…as the OP says, your origin IP is still unprotected. To offer some protection, I set up Cloudflare Authenticated Origin pull: https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls

It still doesn’t shield you from DDoS, but it helps a bit.

Here’s a discussion I had on the Cloudflare blog: https://blog.cloudflare.com/ddos-ransom-an-offer-you-can-refuse/

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.