DDoS Protection

DigitalOcean DDoS Protection provides free, always-on protection from distributed denial-of-service (DDoS) attacks for applicable DigitalOcean resources.

How DDoS Attacks Work

DDoS attacks are malicious attempts to overwhelm servers, routers, load balancers, applications, and other network devices with incoming connections to render them inaccessible.

In a denial-of-service (DoS) attack, a threat actor renders information systems, devices, or other network resources inaccessible by overwhelming the target with malicious traffic. A distributed denial-of-service (DDoS) attack is a type of DoS attack where the overloading traffic originates from multiple attacking machines, amplifying the severity of the attack.

DDoS attacks can impact an app or website’s performance and availability for users, which may in turn cause a loss of revenue for the business or harm the site’s reputation. Some attacks may also involve extortion, where the attacker demands payment to stop the attack.

How DDoS Protection Works

DigitalOcean DDoS Protection helps safeguard DigitalOcean cloud resources from DDoS attacks by monitoring applicable resources for malicious or questionable volumes of incoming traffic. If DDoS Protection detects an attack, it provides automatic mitigation until the event is concluded or until the traffic reaches the mitigation capacity.

When traffic reaches DDoS Protection’s mitigation capacity, we send an email notification to the account owner and blackhole incoming traffic. Blackholing is a DDoS countermeasure that discards all incoming traffic (legitimate and malicious) to a target IP address, which could lead to the resource being unavailable until the incoming traffic drops below the mitigation capacity.

Scope of Protection

DDoS Protection is available and active for all DigitalOcean customers at no additional charge. It automatically protects all applicable resources starting from when you provision them, and requires no configuration or changes to your infrastructure or applications.

Protected Resources

DDoS Protection protects the following resources:

  • DigitalOcean Droplets
  • DigitalOcean Kubernetes (DOKS) clusters
  • DigitalOcean Managed Databases
  • DigitalOcean Load Balancers
  • Assigned reserved IPs

App Platform has native DDoS protection built into the platform.

Block storage and Spaces are not protected by DDoS Protection and don’t count towards your monthly resource usage.

Protected OSI Layers

DDoS Protection mitigates attacks on the network (layer 3) and transport (layer 4) layers of the OSI model. DDoS Protection does not support application layer (layer 7) protection.

In other words, DDoS Protection protects against volumetric attacks (like UDP floods, ICMP floods, TCP floods, and DNS reflection) and protocol-layer attacks (like SYN floods, BGP attacks, and ping of death).