Introduction DDoS attacks can overwhelm services by flooding them with traffic. Mitigation requires a combination of WAF rules, rate limiting, CDN-based filtering, and infrastructure scaling.

Symptoms - Traffic spike 10-100x normal levels - Server CPU and network at 100% - Legitimate users receiving 503 errors - Cloud provider DDoS protection alerts - Log files showing requests from many unique IPs

Common Causes - Volumetric attack (UDP/TCP flood) - Application layer attack (HTTP flood, Slowloris) - DNS amplification attack - Bot network hitting API endpoints - No rate limiting on public endpoints

Step-by-Step Fix 1. **Enable DDoS protection': ```bash # AWS Shield Advanced aws shield create-protection --resource-arn <arn> # Cloudflare # Enable Under Attack Mode in dashboard ```

  1. 1.**Add WAF rate limiting rules':
  2. 2.```bash
  3. 3.aws wafv2 create-ip-set --name "blocked-ips" --scope REGIONAL \
  4. 4.--ip-address-version IPV4 --addresses 1.2.3.4/32 5.6.7.8/32
  5. 5.`
  6. 6.**Implement application rate limiting':
  7. 7.```nginx
  8. 8.limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
  9. 9.server {
  10. 10.location /api/ {
  11. 11.limit_req zone=api burst=20 nodelay;
  12. 12.}
  13. 13.}
  14. 14.`

Prevention - Deploy behind CDN with DDoS protection (Cloudflare, AWS Shield) - Implement rate limiting on all public endpoints - Use Web Application Firewall with known attack patterns - Set up auto-scaling for traffic absorption - Maintain DDoS response runbook