DDoS quick start


ESA monitors traffic in real time to identify attack patterns like SYN floods, ACK floods, and CC attacks. When it detects unusual traffic, ESA promptly blocks malicious requests while allowing legitimate traffic to pass, ensuring business continuity.

How to protect against DDoS attacks

During a Distributed Denial-of-Service (DDoS) attack, an attacker floods a web server with a high volume of fake requests. This exhausts server resources and prevents the server from responding to legitimate users. To effectively defend against these attacks, you must intercept and filter traffic before it reaches your origin server.

ESA uses a multi-layered defense system that combines Anti-DDoS, WAF rules, and a smart cache policy. This approach effectively blocks malicious requests, reduces the load on your origin server, and ensures that legitimate traffic is delivered efficiently.


Mitigate attacks with Anti-DDoS

ESA provides built-in Anti-DDoS capabilities and offers two protection levels depending on your subscription plan: Basic DDoS Protection and Best-effort Protection.

Basic DDoS Protection

ESA automatically enables Basic DDoS Protection for users of the Free, Basic, Standard, Premium, and Enterprise Edition plans, with no configuration required. This feature automatically defends against DDoS attacks of up to 10 Gbps and CC attacks of up to 100,000 queries per second (QPS). Here, CC attack traffic means any request to your site that ESA blocks, whether by your configured rules or by ESA's built-in security rules. During an attack, ESA provides best-effort defense at its edge ESA POPs. However, this may affect acceleration performance, and Basic DDoS Protection does not guarantee a specific mitigation time frame.

If your site faces a high risk of DDoS attacks or requires more robust and guaranteed protection, contact us to upgrade to the Enterprise Edition plan.
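
To judge how close a site runs to the 100,000 QPS ceiling, the following added example (not part of the ESA documentation or tooling) buckets blocked requests per second and compares the peak with that limit. It assumes per-request records with a UTC timestamp and an action; the record layout, the action names, and the sample lines are constructed for illustration and are not ESA's log schema.

```python
from collections import Counter
from datetime import datetime, timezone

BASIC_CC_LIMIT_QPS = 100_000  # Basic DDoS Protection ceiling stated on this page
BLOCK_ACTIONS = {"block"}     # assumption: the action value that marks a blocked request

# Constructed sample, one "timestamp action" record per request.
# This layout is an assumption for the example, not ESA's log schema.
SAMPLE = [
    "2024-01-01T00:00:00Z block",
    "2024-01-01T00:00:00Z block",
    "2024-01-01T00:00:00Z allow",
    "2024-01-01T00:00:00Z block",
    "2024-01-01T00:00:01Z block",
    "not-a-timestamp block",
]


def parse_record(line):
    """Return (epoch_second, action), or None for a blank or malformed line."""
    parts = line.split()
    if len(parts) != 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return int(ts.replace(tzinfo=timezone.utc).timestamp()), parts[1].lower()


def blocked_qps_report(lines, limit=BASIC_CC_LIMIT_QPS):
    """Count blocked requests per second and compare the peak with the limit."""
    per_second = Counter()
    skipped = 0
    for line in lines:
        record = parse_record(line)
        if record is None:
            skipped += 1  # keep a tally so gaps in the data stay visible
            continue
        second, action = record
        if action in BLOCK_ACTIONS:
            per_second[second] += 1
    peak = max(per_second.values(), default=0)
    return {
        "peak_blocked_qps": peak,
        "seconds_over_limit": sum(1 for n in per_second.values() if n > limit),
        "utilisation": peak / limit,  # 1.0 means the peak equals the limit
        "skipped_records": skipped,
    }
```

A utilisation that approaches 1.0 during attacks means blocked traffic is nearing what Basic DDoS Protection is stated to absorb.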

Best-effort Protection

Users of the Enterprise Edition plan can purchase Best-effort Protection as an add-on. With Best-effort Protection, ESA enables the HTTP DDoS Attack Protection and Deep Learning and Protection features by default. The HTTP DDoS Attack Protection feature works in real time. It uses built-in general mitigation rules, derived from vast security data, to block sudden HTTP attack surges. This prevents excessive requests from overwhelming your origin server. The Deep Learning and Protection feature continuously learns from attack patterns and generates dynamic protection policies to enhance security.

If you encounter false positives or need to strengthen the protection, you can adjust the levels and modes of HTTP DDoS Attack Protection and Deep Learning and Protection based on your service's performance.

  1. In the ESA console, choose Websites, and then click the target site in the Website column.

  2. In the left-side navigation pane, choose Security > DDoS.

  3. On the Protection Settings tab, in the HTTP DDoS Attack Protection section, click Configure. Set the protection level as needed, and then click OK.


  4. In the Deep Learning and Protection section, click Configure. Set the protection level and mode as needed, and then click OK.

Protect web applications with WAF rules

A Web Application Firewall (WAF) acts as a shield between your web application and the internet. It analyzes access requests in real time and filters out malicious traffic to prevent common network attacks and ensure application stability.

ESA offers WAF features at its global ESA POPs. Using various protection strategies such as smart rate limiting, security analysis, rule templates, and custom rules, ESA forwards only clean traffic to your origin server, ensuring the security of your site and data worldwide.


Reduce origin requests with a cache policy

ESA's cache policy caches website content on globally distributed ESA POPs. When a user requests a resource, the content is served from the nearest ESA POP instead of directly from the origin server.

During a DDoS attack, the cache policy serves repeated requests from the nearest ESA POP. This significantly reduces traffic to the origin server, mitigating the risk of overload.
