![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 98%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
68 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thank you for reaching out.
If I understand correctly, you are using PaaS services which are publicly accessible and not integrated with a virtual network and you want to know how you can set-up DDOS protection for these services.
Based on your question above.
in this this case does azure PaaS service have any default DDoS protection/mitigation. If not kindly suggest how DDoS protection can be enabled.
Services running on Azure are inherently protected by the default infrastructure-level DDoS protection. However, the protection that safeguards the infrastructure has a much higher threshold than most applications have the capacity to handle, and does not provide telemetry or alerting, so while a traffic volume may be perceived as harmless by the platform, it can be devastating to the application that receives it. This is currently documented here.
The recommended approach in such scenarios is to deploy the Paas Services behind Azure Application Gateway with Web Application Firewall(WAF) and enable DDOS Network protection for the Application Gateway's Virtual Network. You also need to configure your PaaS services to receive traffic only from Azure Application Gateway. The architecture is explained in detail here. DDOS Network protection provides protection against Layer 3 and Layer 4 DDOS attacks and Web Application Firewall protects against Layer 7 DDOS attack. You can go through this article for more information on Types of attacks Azure DDoS Protection mitigates.
Hope this helps! Please let me know if you have any additional questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.