Preventing DDoS attacks
An effective way to prevent DDoS attacks targeting your web servers is to reduce the number of requests that reach those servers. Requests can come to your origin server from your web application and from direct connections to the server itself.
Reducing application requests to the origin
Caching
A cache stores copies of frequently accessed resources such as images and CSS files.
When a resource is cached, whether on a user’s browser or on a Content Delivery Network (CDN) server, requests for that resource do not have to go to your origin server. These resources are instead served directly by the cache. During a DDoS attack, caching reduces the number of requests going to your origin server, which makes it harder for traffic to overwhelm your server.
Web application firewall (WAF)
A WAF creates a shield between a web application and the internet. The WAF checks incoming web requests and filters potentially malicious traffic to mitigate common attacks.
Prevent external connections
Your origin server should generally accept only requests that come from your web application, and this matters most in the context of DDoS attacks. Traffic that bypasses your web application also bypasses any WAF or caching you have, and is more likely to overwhelm your origin.
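One way to check whether anything is reaching the origin without passing through the web application's proxy layer, as an added example that is not part of the original page: it classifies the connecting address of each origin access-log line against the proxy's address ranges. The ranges, log lines and function names are constructed for illustration; substitute the ranges your CDN or WAF provider publishes.

```python
import ipaddress
from collections import Counter

# Constructed proxy ranges (documentation address space); assumption, not real values.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "2001:db8:100::/48")]

# Constructed origin access-log lines. The first field is the TCP peer address,
# which is what matters here: headers such as X-Forwarded-For are client-supplied
# and cannot prove that a request came through the proxy.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512
2001:db8:100::5 - - [01/Jan/2025:10:00:02 +0000] "GET /app.css HTTP/1.1" 200 90
not-an-ip - - [01/Jan/2025:10:00:03 +0000] "GET / HTTP/1.1" 400 0
"""


def via_proxy(peer: str) -> bool:
    """Return True if the connecting address belongs to a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # unparseable peer field: treat as untrusted
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in PROXY_RANGES)


def direct_hits(log_text: str) -> Counter:
    """Count requests per peer that reached the origin without the proxy."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split(maxsplit=1)
        if fields and not via_proxy(fields[0]):
            hits[fields[0]] += 1
    return hits


if __name__ == "__main__":
    for peer, count in direct_hits(SAMPLE_LOG).most_common():
        print(f"direct-to-origin: {peer} ({count} requests)")
```

Any peer this reports is traffic that no WAF rule or cache saw; the same range list can drive an allowlist at the origin's firewall so those connections are refused.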