How is DDoS (Distributed Denial of Service) used in practice?

See real-world examples and code snippets on the DDoS (Distributed Denial of Service) glossary page at CDN Certified.

What concepts are related to DDoS (Distributed Denial of Service)?

Related terms include: Edge Server, Point of Presence (PoP), Anycast.

DDoS (Distributed Denial of Service) (DDoS)

Security

An attack that floods a server with traffic from many sources to make it unavailable. CDNs absorb and filter DDoS traffic at the edge, keeping your origin online.

Updated Mar 9, 2026

Full Explanation

DDoS attacks come in three flavors. Volumetric attacks try to saturate your bandwidth with raw traffic (DNS amplification, UDP floods)—we're talking hundreds of Gbps. Protocol attacks exploit weaknesses in network protocols (SYN floods, Slowloris). Application-layer attacks send legitimate-looking HTTP requests that are expensive for your server to process.

CDNs are natural DDoS shields. Their Anycast network spreads attack traffic across hundreds of PoPs instead of concentrating it on your origin. A 500 Gbps attack split across 200 PoPs is 2.5 Gbps per PoP—easily absorbed. The CDN filters malicious traffic at the edge and only forwards clean requests to your origin.

Most CDNs include basic DDoS protection for free. Larger attacks or more sophisticated L7 attacks may need dedicated mitigation services with rate limiting, bot detection, and challenge pages.

See the interactive DDoS Mitigation animation in the course to visualize how CDNs absorb and filter attack traffic.

Interactive Animation

Loading animation...

Examples

# Cloudflare: DDoS protection is automatic
# But you can tune sensitivity via API
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/ddos" \
  -H "Authorization: Bearer {token}" \
  -d '{"sensitivity_level": "medium"}'

# Nginx: basic rate limiting as a first defense
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
location /api/ {
    limit_req zone=api burst=20 nodelay;
}

# Check if you're under attack
$ netstat -an | grep SYN_RECV | wc -l
# High numbers = possible SYN flood

Video Explanation

Frequently Asked Questions

An attack that floods a server with traffic from many sources to make it unavailable. CDNs absorb and filter DDoS traffic at the edge, keeping your origin online.

# Cloudflare: DDoS protection is automatic
# But you can tune sensitivity via API
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/ddos" \
  -H "Authorization: Bearer {token}" \
  -d '{"sensitivity_level": "medium"}'

# Nginx: basic rate limiting as a first defense
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
location /api/ {
    limit_req zone=api burst=20 nodelay;
}

# Check if you're under attack
$ netstat -an | grep SYN_RECV | wc -l
# High numbers = possible SYN flood

Related CDN concepts include:

Edge Server — A CDN server located at the network edge, close to end users. Handles caching, SSL …
Point of Presence (PoP) — A physical location containing CDN edge servers and networking equipment. PoPs are identified by airport …
Anycast — A routing technique where the same IP address is announced from multiple locations worldwide. The …

Previous Term DASH (Dynamic Adaptive Streaming over HTTP)

Next Term DNS (Domain Name System)

Back to Glossary