by throwawaysea 1703 days ago
If you didn’t want to depend on a big provider like AWS or Cloudflare, what is the approach to fending off a DDoS attack? What type of hardware would you need to acquire? What type of software? Are there guides on this type of thing?
2 comments

You could try to do it yourself with firewall rules, reverse proxies, things like that, but to fight large-scale DDoS you really need to be moving the traffic around using BGP, and you'd want to dump the traffic somewhere, so you'd need bandwidth to dump the traffic into. That's why companies like Cloudflare exist: they're able to work with BGP and they have a lot of bandwidth to absorb the traffic on behalf of the customer.
You need a massive amount of bandwidth and a few redundant servers. There are counties with less bandwidth than you need to handle. It isn't impossible, but Cloudflare isn't evil (that I know of?), and so it is best to support them as your backup.