DDoS protection

DDoS (Distributed Denial of Service) attacks flood servers with traffic from thousands to millions of compromised clients (botnets) to make them unreachable for legitimate users. Typical attack classes: volumetric (Gbps/Tbps bandwidth flood), protocol attacks (SYN flood, UDP reflection), application layer (HTTP flood against expensive endpoints). DDoS protection works on several layers: ISP edge filters obvious junk, CDN/WAF vendors (Cloudflare, Akamai, Fastly) absorb application-layer attacks, dedicated scrubbing centres (Voxility, OVH VAC, netcup filter) route suspicious traffic through filter hardware. European hosts with free baseline DDoS protection: netcup (Voxility layer), Hetzner (own filter, free), OVHcloud (VAC, free up to 1 Tbps), Cloud86 (filters up to 10 Gbps included). Commercial WAF pro plans typically cost €20–200/month.