I have deployed an vm on azure and leave it on 2 days then recieved an email about ddos from china ip and being charged +$100 bandwidth fee
So here what i’m doing
In firewall i created rules: SSH (only allow from my private proxy), HTTP (only allow Cloudflare ip range) , MySQL (allow from all because i need to use remote connection), no ping (icmp) nor HTTPS since i use flexible ssl
In webapp i use php to check and blocking ip through htaccess file like
RewriteCond %{REMOTE_ADDR} ^0\.0\.0\.0$ [OR]
block ip append here
RewriteCond %{REMOTE_ADDR} ^1\.1\.1\.1$
RewriteRule .* redirect-to-static-page [R=302,L]
Is this secure enough to avoiding ddos or bandwidth flooding?
Also, not sure how Microsoft calculates traffic but blocking it on your firewall is probably not sufficient as it will still reach your machine. Thats best a question for them.
So i should use Cloudflare api to block ip, incase server is being ddos it can’t reach api endpoint, i can use another one to check service heath but how to get ip threats
Probably always on Under Attack Mode is best choice.
Well, you can place your server behind Cloudflare but there is a good chance they already have your IP address so that probably wont help, unless you have a way to block these requests on a network level. It is best to contact Microsoft about that.