23

I am just thinking of moving a website from a VPS to Windows Azure Web Sites. After doing a load test, I accidentally took down my test website, using around 30MB over the daily bandwidth.

This made me wonder what would happen if my website was suddenly hit by a DDOS attack? I'm pretty sure everything would max out the daily and hourly limits in no time, even worse, redirecting all the users to the azure over limit notification.

Is there anything that can be done about that? I know the daily bandwidth limit will be harder to reach after I put all the images on a CDN, but I'm afraid what would happen if there's a spike or something.

Sorry for such an answer with no head and tail. I hope you guys will understand.

Dejan Pelzel
  • 359
  • 1
  • 3
  • 5
  • While not Azure specific the excellent [CloudFlare](http://www.cloudflare.com/) can actually do a lot to keep a site online in the face of a DDOS attack (and keep your Azure bill down in the process) – Jason Sperske Dec 07 '12 at 21:38
  • I also use cloudflare, but find it incredibly slow for dynamic sites (great for static content). I only turn it on if I catch an attack in progress. – George Filippakos Jul 14 '14 at 18:57

1 Answers1

15

Windows Azure has built-in load balancers that will stave off most (if not all) DOS type attacks. The truth is, Microsoft is very hush-hush on the specifics of how their load balancers protect against malicious attacks (as they should be).

An added benefit to hosting your applications in the cloud is that you can take advantage of auto-scaling when you get heavy loads (malicious or otherwise) so your site won't go down.

You might want to check out the Security Best Practices For Developing Windows Azure Applications document for more information on this.

Robert Greiner
  • 29,049
  • 9
  • 65
  • 85
  • 3
    I was able to find an [article](http://www.pcpro.co.uk/features/366397/will-companies-face-hosting-bill-shock-for-ddos-attacks) that said Microsoft will refund you some amount if you had to scale in response to a DDOS attach, though this is just a quote not an official statement. – Jason Sperske Dec 07 '12 at 21:37
  • Sure, that is true for low level DDOS but Azure doesn't do DDOS protection for "web requests". They expect customers to protect that themselves. – Kristofer Oct 05 '16 at 10:41
  • Yes but what about charges? If you're scaling up it's going to cost you. – K-Dawg Apr 24 '20 at 12:40