# DDoS Protection

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt normal traffic by overwhelming a target system or network with excessive requests.\
Medianova’s **DDoS Protection** automatically detects and mitigates these attacks without requiring any manual activation.\
From rate limiting to IP and Geo blocking, Medianova ensures uninterrupted availability even under heavy attack conditions.

### **How Medianova DDoS Protection Works**

Medianova integrates several protection layers designed to stop attacks before they impact your services.

<figure><img src="/files/8LuHbLsiErMKsoxp5Elc" alt=""><figcaption><p>Medianova DDoS Protection Architecture</p></figcaption></figure>

#### **Always-On Defense**

Your DDoS protection is active by default.\
There is no need for additional setup — your web assets are continuously monitored and protected against common attack types such as:

* DNS Query Floods
* Slowloris Attacks
* HTTPS GET / POST Floods

#### **Anycast DNS Infrastructure**

Medianova’s global [Anycast DNS](/products/dns/dns-vs-dynamic-dns-vs-anycast-dns.md) distributes thousands of requests across multiple servers.\
This prevents traffic overload on a single endpoint and mitigates large-scale network floods.

{% hint style="warning" %}
Anycast DNS not only improves security but also reduces latency by routing users to the nearest edge location.
{% endhint %}

#### **IP and Origin Protection**

You can reduce the risk of DDoS threats by concealing your origin IP before an attack begins.\
Medianova provides an extra layer of protection through **Secure Cloud**, limiting exposure of your origin infrastructure and filtering harmful traffic before it reaches your servers.

**Warning:** Exposing your origin IP directly allows attackers to bypass DDoS mitigation layers.

#### **Rate Limiting and Geo Blocking**

Edge-level rate limiting and Geo-based filtering restrict malicious or excessive traffic patterns.\
This ensures that legitimate users maintain access while harmful requests are dropped early in the network path.

#### **WAF Integration**

When combined with Medianova’s [**Web Application Firewall (WAF)**](https://clients.medianova.com/products/security/web-application-firewall-waf), DDoS Protection forms a complete multi-layer defense system.\
This integration protects not only against volumetric attacks but also against **application-layer threats**, such as bot floods or malicious payloads targeting web applications.

### **Best Practices**

* Conceal your origin IP using **Secure Cloud** or **Origin Shield**.
* Combine **DDoS Protection** with **WAF** for enhanced multi-layer defense.
* Keep critical DNS zones under [**Anycast DNS**](/products/dns/dns-vs-dynamic-dns-vs-anycast-dns.md) to distribute load globally.
* Regularly review threat and access logs to identify abnormal patterns.

Medianova DDoS Protection delivers continuous and intelligent protection against both volumetric and application-layer attacks.\
By combining global Anycast DNS distribution, adaptive rate limiting, and origin shielding, Medianova ensures your online services remain fast, secure, and always available.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://clients.medianova.com/products/security/ddos-protection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.