About DDoS protection in CIS

CIS provides DDoS protection through DNS ingestion, traffic inspection, unlimited mitigation, and integrated Layer‑7 security features.

How CIS ingests and protects traffic

IBM Cloud Internet Services ingests traffic by returning a CIS IP address on the DNS lookup for a domain, instead of the actual record for the origin server’s IP address. This allows CIS to ingest the traffic, inspect it in a single pass, and re-encrypt it before sending it to the origin server destination.

CIS can also operate in DNS-only mode, returning the actual DNS record without obfuscating the origin IP address, which disables DDoS protection and the other functions of CIS. To enable CIS protections, switch the "proxy" slider next to each DNS record to on; to disable protections, switch it to off.
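
The proxy setting described above can be audited across a whole zone. The following Python code is an added example, not IBM's code; the record fields (`name`, `type`, `content`, `proxied`) and the sample records are assumptions constructed for illustration. It goes slightly beyond the text by also flagging a DNS-only record whose target is shared with a proxied record, because that DNS answer reveals the origin behind the protected name.

```python
"""Audit a DNS record inventory for records that bypass the CIS proxy."""

# Record types that answer with an address or alias, i.e. the ones where
# proxy vs. DNS-only decides whether the origin is revealed.
PROXIABLE_TYPES = {"A", "AAAA", "CNAME"}

# Constructed sample inventory. The field names (name, type, content, proxied)
# are an assumed export shape, not taken from the page.
SAMPLE_RECORDS = [
    {"name": "www.example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "api.example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "direct.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "staging.example.com", "type": "A", "content": "203.0.113.77", "proxied": False},
    {"name": "example.com", "type": "MX", "content": "mail.example.com", "proxied": False},
    {"name": "example.com", "type": "TXT", "content": "v=spf1 -all", "proxied": False},
]


def audit(records):
    """Return findings for address/alias records answered in DNS-only mode.

    UNPROTECTED: the record itself is served without CIS in the path.
    ORIGIN_LEAK: its target is also used by a proxied record, so the DNS
                 answer reveals the origin behind that proxied name.
    """
    # Map each target to the proxied names that depend on it staying hidden.
    proxied_targets = {}
    for r in records:
        if r["type"] in PROXIABLE_TYPES and r["proxied"]:
            proxied_targets.setdefault(r["content"], []).append(r["name"])

    findings = []
    for r in records:
        if r["type"] not in PROXIABLE_TYPES or r["proxied"]:
            continue  # MX/TXT etc. are out of scope; proxied records are fine
        shared = proxied_targets.get(r["content"], [])
        findings.append({
            "name": r["name"],
            "severity": "ORIGIN_LEAK" if shared else "UNPROTECTED",
            "also_exposes": sorted(shared),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RECORDS):
        extra = f" (origin of {', '.join(f['also_exposes'])})" if f["also_exposes"] else ""
        print(f"{f['severity']:12} {f['name']}{extra}")
```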

Unlimited DDoS mitigation

DDoS mitigation is typically an expensive service that can grow in cost when under attack. Unlimited DDoS mitigation is included with CIS at no additional cost.

Layer‑7 mitigation options available in CIS

Though DDoS protection is enabled by default in CIS, you can further configure Layer 7 security by:

  • Configuring WAF ruleset sensitivity and response behavior
  • Adding rate limiting
  • Adding firewall rules

Use these features to customize Layer 7 mitigation of both volumetric and non-volumetric attacks.

Mitigating non-volumetric attacks

CIS WAF contains rulesets to mitigate non-volumetric attacks, including cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection. For additional information about WAF, see Web Application Firewall concepts.